Cyber security expert warns passwords may provide access to more than just LinkedIn accounts
Web hosting firm UKFast is warning businesses to act now to limit the potential impact of a major security breach of the professional networking site LinkedIn.
The password database of the social site – which hosts details of around 150 million business people globally – was leaked on the internet by suspected Russian hackers.
Security experts at UKFast warn this could hand cybercriminals access not just to individuals’ LinkedIn accounts, but potentially to business emails and confidential data.
Stuart Coulson, cybersecurity expert and director of data centres at UKFast, said: “The hackers have released the database of passwords – from what we can see there are around 6.1 million of them within the database – but they are yet to release the usernames but it’s likely they have these too.
“This is really concerning for businesses as once hackers have usernames and passwords they can not only access the account, they can access any account with the same username and password.
“As many users have the same login details for LinkedIn, Facebook and even their work email, this hack has the potential to hand cybercriminals an open book of all of your personal, and potentially business, information.”
He added: “There are lessons to be learned from this attack. Linking your work email to your LinkedIn account, or using the same username and passwords across multiple sites is a sure-fire way to hand hackers all of your information with just one hack.”
LinkedIn's database of passwords was protected using the outdated SHA-1 hash function, and the passwords were not ‘salted’ – a technique in which a random string of numbers is added to each password before it is hashed, to increase the safety of the stored information.
UKFast’s forensic experts cracked 2,000 of the passwords in just 10 minutes using only a standard computer’s processing unit (CPU). With the added power of a graphics card (GPU), this would be much faster.
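The storage weakness described above, shown next to a salted alternative, as an added example that is not code from UKFast or LinkedIn. The account names, passwords, function names and the PBKDF2 iteration count are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

# Constructed sample accounts (not taken from any leaked data).
ACCOUNTS = [
    ("alice", "linkedin2012"),
    ("bob", "linkedin2012"),  # same password as alice
    ("carol", "Tr0ub4dor&3"),
]
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def unsalted_sha1(password: str) -> str:
    """Weak scheme from the article: a single fast hash with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def shared_digests(records):
    """Group users by stored digest; a group of 2+ exposes a shared password."""
    groups = defaultdict(list)
    for user, digest in records:
        groups[digest].append(user)
    return [users for users in groups.values() if len(users) > 1]


def hash_password(password: str, salt: Optional[bytes] = None):
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    weak = [(u, unsalted_sha1(p)) for u, p in ACCOUNTS]
    print("unsalted, users sharing a digest:", shared_digests(weak))
    strong = [(u, hash_password(p)[1]) for u, p in ACCOUNTS]
    print("salted, users sharing a digest:  ", shared_digests(strong))
```

Without a salt, every user who chose the same password has the same stored value, so one guess resolves all of them at once; with a per-user salt and a slow key-derivation function, each record has to be attacked separately and each guess costs far more.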
Coulson said: “We see stories like this again and again – big sites who we trust with our data are not correctly storing it to protect us from this threat. This is why it is important we take cyber security into our own hands.
“I’d recommend password generators – a small device that randomly selects a password every time you log in – or two-factor authentication systems that require two checkpoints – for example, a password and your mobile phone or a code generator. These are the safest routes available at the moment for password security.”