Several LinkedIn members were in for a shock on June 6th when their account passwords were ‘no longer valid’. LinkedIn confirmed a breach of its network which led to the compromise of hashed passwords associated with LinkedIn accounts. Although there is no confirmation as to the number of passwords that have been affected, several reports estimate it to be about 6.5 million.
While news about this breach was made public on June 6th, reports posted on The Verge website earlier in the day suggested that a user in a Russian online forum claimed to have hacked LinkedIn and had uploaded hashed passwords to the forum. However, no usernames were disclosed.
After producing a SHA-1 hash of his own LinkedIn password, Seth Hanford, Incident Manager for Cisco’s Product Security Incident Response Team, said in his blog that it is quite easy to confirm the compromise of LinkedIn passwords as claimed by many. Graham Cluley, a senior technology consultant at Sophos, mentioned in his blog that Sophos researchers also confirmed that the leaked list contained hashed LinkedIn passwords. He said that while the data which has been released so far does not include associated email addresses of members, it is reasonable to assume that such information may be in the hands of criminals.
Lurking Concerns Following the Breach
According to the Founder and President of Javelin Strategy & Research, Jim Van Dyke, there are concerns about the connection between fraud and LinkedIn. During a survey on identity fraud, it was noted that there was a high correlation between users of a particular social media site and actual fraud victims, and that LinkedIn users had one of the highest correlations to fraud. This means that LinkedIn users are more likely to be victims of fraud than those who do not have LinkedIn accounts. The reasons stem from the fact that fraudsters use LinkedIn to gather information about business professionals to easily create false identities. This, in turn, could stem from the fact that LinkedIn users have a higher average income than non-LinkedIn users.
The second, and rather big, concern related to the LinkedIn breach is the potential exposure of email addresses. Aite fraud and security analyst Julie McNelley says that the impact of such an exposure could be much bigger than the hack that exposed email addresses used by the email marketing firm Epsilon.
According to McNelley, exposure of email addresses in this case, where business professionals’ email addresses are involved, could open the possibility of highly targeted phishing attacks. These email addresses, coupled with the information gathered through their public profiles on LinkedIn, give out a good deal of data about these users, which could be misused.
Whether you like it or not, the truth is that hacking attacks are now much more common. A hacking attack of this magnitude only further reinforces the fact. The only thing you can do to prevent such attacks is to ensure that your systems are well protected by a comprehensive security solution like SecureGRC. Such solutions can go a long way in protecting your data from malicious attacks, for they primarily help you assess your security posture and ensure that you remain compliant with established standards and regulatory controls. Preventive information security assessment is better than face-saving cures.