LinkedIn Passwords Hacked: What Can We Learn From It?

The last three days witnessed a wave of password breaches at social network websites including LinkedIn, eHarmony and Last.fm. Even presidential candidate Mitt Romney’s Hotmail account was hacked, stirring up media attention on online security not seen since last year’s Sony PlayStation Network hack.

LinkedIn informed its users that 6.5 million account passwords were stolen and uploaded to the password hacking forum InsidePro. Soon after came news from the online dating website eHarmony, which stated that 1.5 million of its user passwords were stolen. And most recently, the British music site Last.fm posted on its homepage that it had lost “some” of its users’ passwords. It is suspected that the three social network websites were hacked by the same hacker.

While users are being called on to reset their passwords, and LinkedIn has even asked the FBI to investigate the theft, there are lessons we need to learn from the password breaches at social networks.

Realize the risk of losing a password

If a LinkedIn user’s password is stolen by a hacker, his member profile, containing resumes, work experience, and job hunting activities, may all be fraudulently used for cyber-crime based on the user’s identity. Another potential danger is that, while LinkedIn may send email to the user asking him to reset the password, hackers can send scam emails of their own and link the user to phishing sites.

What’s worse, if the user uses the same password for different websites, thieves could access those websites, be it Facebook, Gmail, PayPal, Amazon, etc. After obtaining the user’s account name and password, thieves usually test whether they will work on other sites. If thieves log in to the user’s bank websites, severe financial loss may occur.

Realize the current situation of internet security

Social networks have been increasingly targeted by cybercriminals. During this series of security breaches, eight million passwords were obtained by hackers, making it one of the largest hacks that experts have seen. One of the reasons that cybercriminals are switching over to social networks is that these websites do not have effective protection for stored passwords or mature anti-spam features. In fact, LinkedIn confirmed that it used the SHA-1 hashing algorithm to hash its passwords. Ironically, InsidePro, where the cracked passwords were uploaded, offers several password recovery programs which can crack the ineffective SHA-1 algorithm.

Many analysts believe that the number of stolen passwords could be much higher than eight million, and some predict that more hacking activities are on their way.
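The difference between a bare SHA-1 password record and a hardened one, as an added example that is not from the original article or from any of the sites named: it assumes the legacy records are plain SHA-1 digests with no per-user salt (the article does not say whether a salt was used). The function names, the `pbkdf2$salt$key` record format, the iteration count and the sample accounts are all constructed for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumed cost setting for this example; tune per hardware


def legacy_sha1(password: str) -> str:
    """Weak form: a single fast SHA-1 pass with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt against either record format, in constant time."""
    if stored.startswith("pbkdf2$"):
        _, salt_hex, _ = stored.split("$")
        candidate = hash_password(password, bytes.fromhex(salt_hex))
    else:
        candidate = legacy_sha1(password)
    return hmac.compare_digest(candidate, stored)


def login_and_upgrade(db: dict, user: str, password: str) -> bool:
    """On a successful login, replace a legacy SHA-1 record with a salted one."""
    stored = db.get(user)
    if stored is None or not verify_password(password, stored):
        return False
    if not stored.startswith("pbkdf2$"):
        db[user] = hash_password(password)
    return True


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    db = {"alice": legacy_sha1("linkedin2012"), "bob": legacy_sha1("linkedin2012")}
    print("SHA-1 records identical:", db["alice"] == db["bob"])    # one digest, two accounts
    for user in ("alice", "bob"):
        login_and_upgrade(db, user, "linkedin2012")
    print("salted records identical:", db["alice"] == db["bob"])  # salts make them differ
```

With unsalted SHA-1, every account sharing a password shares a digest, so a single recovered value exposes all of them; the salted, slow record removes that shortcut and raises the cost of each guess.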

Keep sensitive data safe

Yes, there are many ways to set passwords that are difficult to hack, and more security measures are being implemented online, but hackers are also getting more proficient at finding ways around them. Whether or not social network websites can protect users’ information well, it seems that the best way to keep your personal sensitive data safe is not to put it on the Internet.

© 2024 Game & Guide All rights reserved. Do not reproduce without permission.