LinkedIn users were in for a shock when they found out that the website had been hacked and that the hackers had taken users’ login information, including passwords. Some users might have laughed it off because their accounts didn’t contain any valuable information, but for others it was a nightmare, especially for those in the habit of using the same password for every website, even for their banking accounts and credit cards. Users are now left questioning the security practices of LinkedIn and whether any social networking website is safe.
LinkedIn is now desperately trying to make up for the blunders and laziness it showed when it came to the security of its users’ data. Sites do often get hacked, but it seems that in the case of LinkedIn, the security professionals were either really inept or had too much faith in the wrong security practices. The organization was not even encrypting the data in order to stop hackers from making head or tail of it even if they stole it.
Trying to make things right, LinkedIn is now hashing and salting the new and old passwords of its users; by doing so, the data will be scrambled and will not be of much use to any potential hackers. However, frustrated users would ask why this practice wasn’t put into effect before. The job of data security professionals is to foresee potential risks and to take steps to safeguard against them.
It seems like LinkedIn is now bringing out the big guns in order to deal with its security breach. It even called in the FBI to investigate how the hacking of users’ login information took place. Perhaps this was a smart move because, according to some news sources, the passwords of LinkedIn users, which were hashed but unfortunately not salted, were posted on a Russian forum. The passwords might have already been decoded.
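The difference between hashed-but-unsalted and hashed-and-salted storage, as an added example that is not part of the original article or LinkedIn's code. The article does not name the algorithms involved, so SHA-1 for the unsalted scheme, PBKDF2-HMAC-SHA256 with this iteration count for the salted one, and the sample accounts are all assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_record(password):
    """Weak scheme: a bare digest, identical for every user with this password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password, salt=None):
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS,
            "hash": digest.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def shared_value_groups(table):
    """Audit helper: groups of users whose stored values are identical."""
    by_value = {}
    for user, value in table.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(u) for u in by_value.values() if len(u) > 1)


# Constructed sample accounts; two users picked the same password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012",
            "carol": "Tr0ub4dor&3"}


def compare_schemes(accounts=ACCOUNTS):
    """Return (groups leaked by unsalted table, groups in salted table, salted table)."""
    weak = {u: unsalted_record(p) for u, p in accounts.items()}
    strong = {u: salted_record(p) for u, p in accounts.items()}
    strong_hashes = {u: r["hash"] for u, r in strong.items()}
    return shared_value_groups(weak), shared_value_groups(strong_hashes), strong


if __name__ == "__main__":
    weak_groups, strong_groups, _ = compare_schemes()
    print("unsalted table reveals shared passwords:", weak_groups)
    print("salted table reveals shared passwords:  ", strong_groups)
```

In the unsalted table, anyone holding the dump can see that two accounts share a password and one recovered digest unlocks both; with per-user salts every record has to be worked on separately.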
A blog post
LinkedIn has also published a blog post in which it issued an apology, and it is continuously updating its users on the steps the company is taking to secure their information. LinkedIn director Vicente Silveira is also answering questions from concerned users. Silveira has stated that the company wants its efforts to safeguard information to be transparent to the public and that the investigation with the FBI is still going on. The blog post also noted that all immediate steps were being taken by the company.
The blog post further stated that all users whose accounts had been hacked have been notified by LinkedIn, and that those users whose accounts were not hacked, or will not be in the future, are believed to be out of harm’s way. It also said that the accounts whose passwords were leaked had so far not been accessed by any unauthorized users, and that the passwords the company presumes to be at risk have been disabled. If a user’s password was not disabled, or the user was not notified, they should consider their information safe.
LinkedIn will have to keep taking steps to ensure that the information of its users is completely safe and that no user suffers a heavy loss because his or her account has been accessed by a hacker. How the organization deals with this situation will demonstrate to the public how capable it is of handling users’ personal information.
We recommend that you change your password ASAP!