Are you IN? You better hope not...

In some socially ugly news, the business-focused social network LinkedIn was hacked, leading to the theft of millions of users' passwords:

The breach is the latest in a string of high-profile hacks affecting companies and governments around the world, which have put the personal information of millions at risk. With LinkedIn, computer security experts discovered files with some 6.4 million scrambled passwords on Tuesday, which they originally suspected belong to LinkedIn members because some of the passwords included the phrase "LinkedIn," said Graham Cluley, a senior technology consultant with British computer security software maker Sophos. When Sophos dug further, it found other passwords on the list belonged to Sophos employees, who only used them to secure their LinkedIn accounts, he said. But it is possible that all or just some of those 6.4 million passwords belong to LinkedIn members, Cluley added.

Here's the kicker though:

At least two security experts who examined the files believed to contain the stolen LinkedIn passwords said the company had failed to use best practices for protecting the data. The experts said that LinkedIn used a vanilla or basic technique for encrypting, or scrambling, the passwords which allows hackers to quickly unscramble all passwords after they figure out the formula by which any single password has been encrypted.

Brutal. (Here's some quick insight into why encryption is generally a false sense of security.)

Ironically, this large-scale breach comes only a couple of weeks after Verizon's 2012 Data Breach Report suggested that cyber criminals were setting their sights on smaller businesses because larger enterprises were becoming tougher to get through.
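To make the experts' point about a single "formula" concrete, here is an added example (not from the original post, and not LinkedIn's code). It assumes the "basic technique" was a fast hash with no per-user salt, using SHA-1 as a stand-in, and contrasts it with per-user salted PBKDF2; the account names and passwords are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any real dump); two users share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "correct horse"}

ITERATIONS = 600_000  # PBKDF2 work factor; tune to your own hardware


def weak_store(accounts):
    """Assumed weak scheme: one fixed, fast, unsalted formula for every user."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in accounts.items()}


def strong_store(accounts):
    """Hardened scheme: a random salt per user plus a deliberately slow KDF."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        store[user] = (salt, digest)
    return store


def verify(record, candidate):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, probe)


def shared_digests(store):
    """Audit check: groups of users whose stored value is byte-for-byte identical.

    Any group found here means one recovered password exposes every member,
    which is the property the experts criticised.
    """
    groups = {}
    for user, value in store.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    print("unsalted:", shared_digests(weak_store(ACCOUNTS)))
    print("salted:  ", shared_digests(strong_store(ACCOUNTS)))
```

With the salted store, the same password produces a different record for each user, so each account has to be attacked separately and each guess costs the full work factor.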