The Green Sheet, Inc

The Green Sheet Online Edition

June 25, 2012  •  Issue 12:06:02


LinkedIn confirms breach, password theft

On LinkedIn's corporate blog, LinkedIn Director Vicente Silveira confirmed that the social media site for business professionals suffered a June 6, 2012, breach and acknowledged "some" passwords were stolen. Silveira said LinkedIn is continuing to investigate the breach. In the meantime, the company is invalidating passwords it knows to be compromised.

LinkedIn boasts approximately 161 million business-oriented users. Silveira said customers with compromised passwords will receive an email from LinkedIn with instructions for resetting their passwords. Silveira stated customers will then receive a second email from Customer Support to provide "a bit more context on this situation and why they are being asked to change their passwords."

Security researcher Cameron Camp wrote in a blog for the international Internet security firm ESET that phishing scams already exist on the Internet that purport to link to the LinkedIn password reset but instead direct the user elsewhere. For example, when a phony email link is clicked, the user may be directed to an illegal online pharmacy. Camp advised LinkedIn users not to click on any links in a LinkedIn email but instead to go directly to the company website to change passwords.

"Sadly, we are likely to see more of these emails as LinkedIn tries to rebuild trust among members," Camp wrote. "Besides changing your password, it's a good idea to review your user settings and try to understand/limit/narrow access to your key information to those with whom you intend to share. In this way you can help prevent unintended data sprawl, also meaning other user accounts which might become compromised won't have as much of a direct effect on your personal information."

Hashing and salting

Silveira noted that LinkedIn recently enhanced its security by adding cryptographic techniques, known as hashing and salting, to protect its stored passwords. This may not be enough to stop determined hackers who have access to the stolen data, according to published reports claiming that as many as 6.4 million LinkedIn passwords may have been stolen by Russian hackers who reportedly posted the stolen data on an online forum. The reports also said teams of hackers have already cracked 300,000 or more stolen passwords.

UKFast.net Ltd., a Manchester, England, hosting services provider, wrote on its blog that it was able to crack 2,000 hashes from the stolen LinkedIn data in just 10 minutes using the processing power of a normal central processing unit. "The passwords stolen from LinkedIn's database were stored as hashes encrypted using a cryptographic hash function called SHA-1," the company stated. "This basically uses an algorithm to change the password into a string of characters. ... Hashes like this can be simply cracked."
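The difference between the unsalted SHA-1 storage described above and salted hashing can be shown in a short Python sketch. This is an added example, not code from LinkedIn, UKFast or the article; the choice of PBKDF2-HMAC-SHA256, the iteration count, the record format and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_sha1(password):
    """Unsalted SHA-1: the weak storage scheme described in the article."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, deliberately slow hash; returns 'scheme$iterations$salt$digest'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def users_sharing_a_digest(records):
    """Group usernames by stored value; a group of 2+ means a shared password leaks."""
    groups = defaultdict(list)
    for user, stored in records.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts (not from the breach data).
SAMPLE = {"alice": "Summer2012", "bob": "correct horse", "carol": "Summer2012"}

if __name__ == "__main__":
    legacy = {u: legacy_sha1(p) for u, p in SAMPLE.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("unsalted SHA-1, shared digests:", users_sharing_a_digest(legacy))
    print("salted PBKDF2, shared digests:", users_sharing_a_digest(salted))
    print("alice verifies:", verify_password("Summer2012", salted["alice"]))
```

With unsalted SHA-1, every account that uses the same password stores the same digest, so recovering one value exposes all of them; a per-user random salt removes that link, and the iteration count raises the cost of each guess.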


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
