How Hackers Profit From Your Leaked Passwords
June 11, 2012 11:30 AM
If you’ve been a reader of Mike Schuster’s on Minyanville, you already know better than to keep the
for multiple websites or to, God forbid, use the
to unlock your
). But even if you think your accounts are the Fort Knox of online security, you can still be vulnerable -- as we saw last week with the compromise of the personal information of 6.5 million
) users by Russian hackers.
Since news broke about that event, one of the burning questions has revolved around what the cyber criminals plan to do with the bounty stolen from the “world’s largest professional network.” Security analysts have begun to
and -- beyond selling résumés on the black market and mining contacts for spam emails -- hackers have a “complex and sinister” plan in store for the hot dossiers.
While some cyber attacks are the work of (relatively speaking) harmless “hacktivists” motivated by revenge for some wrong committed by a corporation, the guilty party usually makes itself known. In the case of the LinkedIn breach, the group of hackers didn’t identify itself. According to Symantec’s Marian Merritt, the failure to claim responsibility -- in addition to the data being posted on a Russian forum dedicated to password decryption -- points to a profit-driven criminal endeavor.
Assuming both email addresses and passwords of members have been acquired, the first step is using software to run that combination on other websites, specifically ones that contain sensitive financial information like
) and, of course, individual bank URLs. But social media is another huge target so
) 900 million users are also at risk. Experts strongly suggest that LinkedIn members using the same email/password combination on any other site should change them immediately.
And for the love of all that is online security, don’t do so by clicking on a link contained in an email appearing to have come from the company. This is a form of email spoofing called “phishing,” and it’s often part of the hacker’s scheme. To be safe, go directly to the company website itself and log into your account.
LinkedIn users may also become bait for “spear phishing,” which sends seemingly legitimate emails containing links -- but from the addresses of trusted sources, like friends and colleagues.
Likely, the LinkedIn passwords will be added to what are called “rainbow tables” that crack password hashes. Unlike far more ironclad sites like
) that protect users with an extra layer of encryption or “salting,” LinkedIn’s weaker hashing algorithm allowed any account with the same password to be unlocked by the same key.
We’ve said it before, and we’ll say it again: The more complex and unique to each site your passwords are, the better off you are.
No positions in stocks mentioned.