LinkedIn Users Hacked, 6 Million Affected
LinkedIn is making news once again today in the world of technology security.
The social network company has confirmed today that it has been hacked. The usernames and passwords of six million LinkedIn users have been stolen or compromised. LinkedIn has over 160 million users. This estimate of users hacked has come from several postings on hacking websites from people who wanted to learn how to hack a LinkedIn account. It looks like they figured it out.
LinkedIn was not the only victim of a site hacking today: the popular online dating website eHarmony was also hit by a hack attack, with estimates saying that over 1.5 million people had been hit. Their usernames and passwords were also stolen. At this time, there are very few details available about the hack attack itself. Both companies are conducting an ongoing investigation into the hackings.
This report comes as a good reminder to people about their own password security. Security experts say that people are taking a big risk when they use the same or similar passwords for several different accounts or logins. With a reused password, a hacker who breaks into one of your accounts will be able to break into several of them, including your email or online banking. Make sure you keep yourself safe and secure from hackers by choosing strong passwords and using different passwords for different things.
Matt Cutts, the leader of Google’s web spam team, said to be careful and released a statement on his Twitter account warning everyone about the usage of the same passwords on many accounts.
“Use the same password on LinkedIn & Gmail?” he wrote. “I’d change both immediately.”
Sites like LinkedIn and eHarmony are prime targets for criminals. Bad hackers look for ways they can access a trove of personal data for relatively little work, said security expert Hemanshu Nigam, of the security consulting firm SPP Blue.
LinkedIn, particularly, can be attractive to hackers because the professional information they can steal from the site is easy to use in fake e-mail “phishing” scams.
“I think people oftentimes don’t realize the extreme value of professional information,” Nigam said. Because the e-mails come from a business associate or simply from a trusted domain name, Nigam said, “The trust level in these settings is much higher than on the open Internet.”
It’s been a rough week for LinkedIn, as the company addressed one privacy issue only to move into another. Before the attack, LinkedIn had addressed a separate privacy issue: researchers found the company was taking more data from smartphone calendar apps than was indicated in its terms of service. The company had been sending all the information in some calendar events to its servers in order to sync it with the LinkedIn app on users’ phones.
The data-slurping was discovered by security researchers Adi Sharabani and Yair Amit. Sharabani said it is an example of a good feature that wasn’t thought through quite enough.
“It’s a great feature,” Sharabani said. “The major trouble is that they did it without telling the user.”
He was particularly concerned that LinkedIn’s servers were getting data taken from calendar meeting notes, which could include things like call-in numbers and pass codes. LinkedIn said Wednesday that it would no longer send the note data to its servers.