Since Russian hackers published 6.5 million LinkedIn password records last week, reports have been flooding in of other accounts being subjected to unauthorised access. Where users have used the same email address and password for their LinkedIn account and for other accounts such as eBay, PayPal, Skype, Facebook, Amazon, Twitter and personal email, it appears the attackers have been using those shared credentials to their advantage. Fortunately, most banking websites require additional authentication and appear to be unaffected, but disruption is being reported across other major websites whose users have simply been unaware of the LinkedIn issue.
This breach is very real, and whilst LinkedIn have sent out password reset notices to their affected users, there has been no co-ordinated effort across the industry to ensure that the compromised usernames and passwords are not being re-used on other popular websites. I urge LinkedIn users to ensure they are using unique passwords on LinkedIn and on every other website, and to change them as soon as possible. If hackers get access to your personal email and PayPal accounts, that is not going to be good news.
It’s important that readers are aware of password re-use “attacks”, and I do not feel the other big social networking or payment providers are doing enough to help; instead they are trying to land the blame squarely on LinkedIn. 6.5 million users is a lot, and there is plenty of overlap between LinkedIn, Facebook, Twitter and Gmail/Hotmail users, for example. The problem deserves industry-wide mitigation, and the “fault” for password re-use lies across all of these sites, none of which really take any pro-active action to ensure users are using unique passwords.
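One pro-active control any of these sites could apply is to refuse, at registration and password-change time, any password whose hash appears in a published dump. The example below is added here and is not code from the post or from LinkedIn; it assumes the leaked list is available as unsalted SHA-1 hex digests, one per line, and the "leaked" entries it uses are constructed for illustration.

```python
import hashlib
from typing import Iterable, Set, Tuple

# Constructed sample of leaked passwords (illustrative only, not the real dump).
# A site would load the published hash list from a file instead.
_SAMPLE_LEAKED_PLAINTEXTS = ["linkedin", "password1", "Summer2012", "letmein"]


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 hex digest, the assumed format of the leaked list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_breached_hashes(lines: Iterable[str]) -> Set[str]:
    """Build a lookup set from a hash list, one hex digest per line.

    Tolerates blank lines, surrounding whitespace and mixed case so that a
    hand-edited or re-encoded dump still loads cleanly.
    """
    hashes = set()
    for line in lines:
        digest = line.strip().lower()
        if len(digest) == 40 and all(c in "0123456789abcdef" for c in digest):
            hashes.add(digest)
    return hashes


# Constructed breach corpus, built from the sample plaintexts above.
SAMPLE_BREACH_SET = load_breached_hashes(
    sha1_hex(p) for p in _SAMPLE_LEAKED_PLAINTEXTS
)


def is_breached(password: str, breached: Set[str] = SAMPLE_BREACH_SET) -> bool:
    """True if the candidate password's hash is in the breach corpus."""
    return sha1_hex(password) in breached


def check_new_password(password: str,
                       breached: Set[str] = SAMPLE_BREACH_SET) -> Tuple[bool, str]:
    """Policy hook for registration / password change.

    Returns (accepted, reason). A rejected password is one that has already
    been published, so re-using it anywhere exposes the account to the same
    credential re-use the post describes.
    """
    if is_breached(password, breached):
        return False, "password appears in a published breach; choose a different one"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["linkedin", "Summer2012", "correct-horse-battery-staple"]:
        accepted, reason = check_new_password(candidate)
        print(f"{candidate!r}: {'accepted' if accepted else 'rejected'} ({reason})")
```

The check is deliberately hash-based so the site never needs the leaked plaintexts, only the digests that were already made public; for a real corpus the set would be loaded once at startup (or kept in a key-value store) rather than rebuilt per request.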
LinkedIn’s latest blog entry on this – http://blog.linkedin.com/2012/06/09/an-update-on-taking-steps-to-protect-our-members/ – states “Thus far, we have no reports of member accounts being breached as a result of the stolen passwords”, but I have already seen LinkedIn accounts being abused, and spam messages proliferating across message boards. Whether the two are related, who knows, but I have to say I don’t remember seeing that much spam!