Have I Been Pwned? LinkedIn password breach worse than reported
The last week has seen a disconcerting trend of social networking data breaches, culminating in the largest leak of email addresses and passwords of all time.
If you created an account with one of the social networking sites LinkedIn, Tumblr, Fling or Myspace between 2012 and 2013 your data could very well have fallen victim to
However, all the reporting on these security issues misses the bigger issue: because passwords are reused again and again across the internet, it could be your other online accounts that are compromised!
It all started with a security issue flagged by the professional networking site LinkedIn on May 17th. In a statement released by their legal support team, they made clear that the hack itself could be dated back to 2012, with the data lying dormant all that time. The data divulged included 167 million member email addresses and passwords, all for accounts that were created prior to the 2012 breach. The response by LinkedIn was swift and immediate. All passwords for accounts created prior to the 2012 breach were invalidated and account holders were notified to set new ones.
That was far from the last of such dramas. Yesterday the internet was shaken to the core with the prospect that three other notable social networking sites had had their valuable data breached and released on the
This disturbing trend has many experts entirely perplexed. One such expert is Troy Hunt, founder of the data breach search service Have I Been Pwned? He questions the timing, objective and whether this will be the last of such colossal breaches in his personal blog entry, ‘The Emergence of Historical Mega Breaches’. He sees the leaked information as a reflection “..of the reality that we’re a couple of decades into the modern internet” and doubts that such security issues will subside anytime soon.
If you did indeed have an account with any of the above-mentioned social networking sites during that time period, it is highly likely that your data was susceptible to the leak.
To find out for certain, simply enter your email and/or username into Have I Been Pwned?’s website directly.
If you have in fact been a victim, it’s imperative to immediately change any passwords on other online services where you’ve used the same password as the hacked account. The security matter doesn’t start and end with the leaked data from those particular social networking sites. It could be much more far-reaching, depending on how stringent and secure you have been with your passwords in the past.
Contact us or your local IT Support provider for any more information on the matter.
UPDATED 7th June 2016
Since the publishing of this article last Wednesday, our prediction that other online accounts could be compromised due to re-used passwords did, in fact, come true. TeamViewer, a remote access support system, observed suspicious behaviour early Saturday morning, which quickly led them to conclude that passwords that had been re-used from LinkedIn, Tumblr and Myspace between 2012 and 2013 provided hackers with an ‘in’ to TeamViewer financial accounts.
At
Visit Ars Technica’s site to learn more about TeamViewer’s response to the security breach and to stay informed of developments as and when they happen.
UPDATED 23rd June 2016
The fallout continues. Carbonite users have received a proactive email from the cloud backup provider. They noticed unusual hacker activity on their network. Carbonite
This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked.
There is no doubt the “other companies” Carbonite is referring to is LinkedIn.
I’ll continue to reiterate the fact that you should not, under any circumstances, repeat and reuse the same passwords, for this exact reason.
Here is the email from Carbonite in full:
Hi,
For your protection and the safety of your data, we have reset the password on your account. To access your account, you must choose a new, secure password.
This action is being taken proactively and at this time there is no evidence to indicate that your account or data have been compromised. Your backups are safe and your regular backup schedule will continue.
What Happened
As part of our ongoing security monitoring, we recently became aware of
What Information Was Involved
While we will continue to monitor and investigate the matter, we have determined that some usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed.
What We
To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information. Our Customer Care team is standing by to assist anyone who needs additional help. This activity in no way affects existing or scheduled backups. Files are still being safely backed up.
In addition to our existing monitoring practices, we will be rolling out additional security measures to protect your account, including increased security review and two-factor authentication [which we strongly encourage you to use].
What You Should Do
Use the link above to reset your password. We highly recommend using “strong” unique passwords for Carbonite and all online accounts. Learn more about strong passwords at www.carbonite.com/safety. If you use the same or similar passwords on other online services, we recommend that you set new passwords on those accounts as well.
For more information please contact Customer Care at https://support.carbonite.com/.
Sincerely,
Carbonite Customer Care
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business, Yener worked for a number of corporate organisations, where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.