The recent news that top business networking site LinkedIn had a significant number of passwords compromised has been the biggest story in the information security world this week. It is disappointing but not surprising that LinkedIn was affected by this breach. What went wrong in their security process?
- An as yet undisclosed vulnerability (probably some type of database injection attack) led to unauthorized access that allowed the hacker to download the site’s hashed password database.
- Even though the passwords were hashed, they were not salted, which would have provided an additional level of security. This meant that the hashed passwords were susceptible to attacks that could quickly crack weak passwords.
- LinkedIn was relatively slow to fess up to the attack and notify users to change their passwords. This has now happened, and after taking some initial grief LinkedIn has forced password changes on the accounts it believes were affected. This should help minimize the damage to users whose passwords were disclosed.
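To make the second point concrete, here is an added example (not code from the post or from LinkedIn) contrasting an unsalted password store with a salted, stretched one. The post does not name the hash algorithm, so plain SHA-256 stands in for the unsalted scheme; the users, passwords and the short "common passwords" list are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample data, not anything from the actual breach.
USERS = {"alice": "password123", "bob": "password123", "carol": "rQ7!vLm2#zPq9"}
COMMON_PASSWORDS = ["123456", "password", "password123", "letmein"]
ITERATIONS = 200_000  # work factor for the hardened scheme


def hash_unsalted(password: str) -> str:
    """Weak scheme: one bare hash of the password, no salt (SHA-256 assumed)."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt=None, iterations: int = ITERATIONS):
    """Hardened scheme: random per-user salt plus PBKDF2-HMAC-SHA256 stretching.
    Returns (salt, hex digest) so both can be stored beside the account."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest.hex()


def verify_salted(password: str, salt: bytes, stored_hex: str) -> bool:
    """Login check for the hardened scheme; constant-time comparison of digests."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, stored_hex)


def build_unsalted_store() -> dict:
    return {user: hash_unsalted(pw) for user, pw in USERS.items()}


def build_salted_store() -> dict:
    return {user: hash_salted(pw) for user, pw in USERS.items()}


def count_precomputed_matches(stored_hexes, wordlist) -> int:
    """Why salt matters: a defender can measure exposure by hashing a wordlist ONCE
    and comparing it against every stored hash. Without salt, one table covers the
    whole database and one hit reveals every account sharing that password. With
    per-user salt the same table matches nothing, because each guess would have to
    be recomputed per account (and per PBKDF2 iteration count)."""
    table = {hash_unsalted(word) for word in wordlist}
    return sum(1 for h in stored_hexes if h in table)
```

Running the two stores through `count_precomputed_matches` shows two exposed accounts in the unsalted store (alice and bob also share an identical hash) and none in the salted one.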
So how do LinkedIn’s security problems affect you?
If you are a LinkedIn user, make sure to reset your site password, along with the passwords on any other sites where you used the same password.
What information security lessons does this incident teach an average website user?
Even professional companies with a lot of money to spend will be subject to information security compromises. For that reason it is important to use different user account names and separate passwords on each site you use, to minimize the impact if any one account is compromised. To help manage this level of security and keep your sanity in the process, I highly recommend that you use a password management program such as LastPass. This will help you spread out your risk and minimize the damage of any one site being compromised (and if your password management company gets compromised, be sure to change that one with lightning speed). Lastly, it is important to keep up with the news and know when information security problems occur at sites you use. That will help you take swift action to minimize your chance of problems.