LinkedIn's social networking site was hacked on June 5, 2012, and passwords for nearly 6.5 million user accounts were stolen by Russian cyber criminals. Hacked account owners can no longer access their accounts, and websites repeatedly encourage their users to change their passwords after the incident. Vicente Silveira, director of LinkedIn, confirmed, on behalf of the company, that the website was hacked on its official blog. He also said that the compromised account holder will find that their passwords are no longer valid on the website.
Stolen passwords, which are hashed (only stored checksums, enable testing whether the given password is correct), are solved and posted on Russian password forums that day. On the morning of June 6, passwords for thousands of accounts are available online in plain text. Graham Cluley from Internet security firm Sophos warned that a leaked password could belong to criminals by June 6 at the latest. LinkedIn said in an official statement that they will email all its members with security instructions and instructions on how they can reset their passwords.
In May 2016, LinkedIn found an additional 100 million email addresses and hash passwords claimed as additional data from the same violation of 2012. In response, LinkedIn has revoked the passwords of all users who have not changed their password since 2012.
Video 2012 LinkedIn hack
Reactions by community and users
Rep. Mary Bono Mack of the US Congress commented on the incident, "How many times will this happen before Congress finally gets up and takes action? This latest incident is once again bringing into sharp focus the need to pass data protection legislation." Senator Patrick Leahy said , "Another major data breach report should provide pause for American consumers who, more than ever, share sensitive personal information in their online transactions and networks... Congress must make comprehensive data privacy and cybercrime laws a top priority. "Marcus Carey, a security researcher for Rapid7, says that hackers have broken through LinkedIn databases in previous days. He expressed concern that they may have access to the website even after the attack. Michael Aronowitz, Vice President of Saveology said, "Every day hundreds of hacked sites and personal information are obtained Stealing login information from one account can be easily used to access other accounts, which can store personal and financial information." Security experts point out that stolen passwords are encrypted in a way that is easy enough to decrypt, which is one of the reasons for data breaches. Katie Szpyrka, a LinkedIn longtime user from Illinois, USA, filed a $ 5 million lawsuit against LinkedIn, complaining that the company did not keep their promise to secure connections and databases. Erin O'Harra, a spokesman who works for LinkedIn, when asked about the lawsuit, said that lawyers are looking to exploit the situation to reapply SOPA and PIPA bills in the United States Congress. A modified complaint was filed on November 26, 2012 on behalf of Szpyrka and another premium LinkedIn user from Virginia, United States, named Khalilah Gilmore-Wright, as a class representative for all LinkedIn users affected by the violation. The lawsuit seeks orders and other equitable assistance, as well as compensation and indemnification for plaintiffs and class members.
Maps 2012 LinkedIn hack
Response from LinkedIn
LinkedIn apologizes immediately after the data breach, and asks its users to immediately change the password. The Federal Bureau of Investigation assists the LinkedIn Company in investigating the thefts. As of June 8, 2012, the investigation is still in its infancy, and the company says it can not determine if hackers can also steal email addresses associated with compromised user accounts. LinkedIn says that users whose passwords are compromised will not be able to access their LinkedIn account using their old password.
Controversy
Internet security experts say that passwords are easily deciphered due to LinkedIn's failure to use salt when hashing them, which are considered unsafe practices because it allows attackers to quickly reverse the randomization process using existing standard rainbow tables, pre-created lists of matching random passwords and random. Another issue that sparks controversy is the iOS app provided by LinkedIn, which takes personal names, emails, and notes from a mobile calendar without the user's consent. A security expert working for Skycure Security says that the app collects user's personal data and sends it to a LinkedIn server. LinkedIn claims that permission for this feature is provided by the user, and the information is securely delivered using the Secure Sockets Layer (SSL) protocol. The company added that they never store or share that information with third parties.
Suspect capture
On October 5, 2016, Russian hacker Yevgeny Nikulin was arrested by Czech police in Prague. The United States has requested an Interpol warrant for him.
The grand jury of the United States charged Nikulin and three unnamed conspirators for alleged identity theft and computer intrusion. Prosecutors alleged that Nikulin stole LinkedIn employees' usernames and passwords, using them to gain access to the corporate network. Nikulin is also accused of hacking into Dropbox and Formspring, allegedly conspiring to sell stolen Formspring customer data, including usernames, email addresses, and passwords.
Nikulin is facing a Czech hearing to determine whether he will be extradited to the United States. Russian Foreign Ministry spokeswoman Maria Zakharova indicated that Russian authorities are trying to block extradition.
References
Source of the article : Wikipedia
0 Comments