Start-ups have been urged to use a simple trick to ensure the security of their password, after six million LinkedIn passwords were reportedly leaked online.
In a company blog post, LinkedIn director Vicente Silveira confirmed “some” of its users’ passwords were stolen after it was hacked.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation,” Silveira said.
Internet security firm Sophos later confirmed a file containing more than six million encrypted passwords was posted on the internet.
“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” Sophos said in a statement.
“Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.”
Not surprisingly, LinkedIn is urging its members to craft a strong password, change it frequently and avoid using the same password on multiple sites.
“Use this as an opportunity to review all of your account settings on LinkedIn and on other sites too,” Silveira said.
According to AVG security advisor Michael McKinnon, start-ups in particular are inclined to compromise their password safety.
“This is really relevant to start-ups because often those people are really web connected to so many different things,” McKinnon says.
“They need to think about password separation. LinkedIn has been a good example… There are tricks to separate passwords.”
For example, when creating a password for Facebook, users could add an “f” at the start of their regular password and a “k” at the end.
So if their original password is “fruit”, their Facebook password would be “ffruitk”, while their Twitter password would be “tfruitr”.
Graham Cluley, a consultant with Sophos, told AP further problems could come if the hackers have email addresses connected to the passwords.
“All that’s been released so far is a list of passwords and we don’t know if the people who released that list also have the related email addresses,” he said.
“But we have to assume they do. And with that combination, they can begin to commit crimes.”
The process for changing your password on LinkedIn is relatively simple.
After entering your password, go to the top right of the screen:
Click on the drop down next to your name and choose settings:
On the “Settings” tab, simply go to the “Password Change” link in the top left-hand corner of the main screen (circled below):
Here’s an enlargement of the link you need to click:
Aside from password security, McKinnon says businesses need to be wary of the information they include on sites such as LinkedIn. This includes information submitted by employees.
“With LinkedIn, the interesting phenomenon is the ability for multiple staff members to post individual profiles on this network and then kind of link up with each other,” he says.
“If you have this collection of data in mass form, there is a genuine consequence we haven’t thought about – how the data can be used and interpreted.”
“[Hackers could gain an] understanding of how other businesses are structured – who reports to who, and then have an idea of how the business model might function, for example.”
“You might reveal the technology your business might be using, which could give an attacker some insight into potential vulnerabilities that might exist in the business as well.”
McKinnon says the key is to communicate with your staff about how they use these networks.
“Communicate with staff so you’re all on the same page [about what information can and cannot be made public],” he says.
“Also, as a business owner, you should be logging into LinkedIn and searching for your own business… We often forget to search for ourselves online.”
“If there’s something you don’t want published, try and trace that back to the source and then get them to remove it if you can.”
McKinnon says businesses also need to be careful when using Facebook, particularly if they operate their entire operation on the social media site.
“It’s interesting that a lot of businesses now are choosing to have Facebook pages because they get a lot more traction and are a lot more visible,” he says.
“From a security perspective… these small businesses are putting themselves at some risk.”
“Businesses are putting themselves fairly and squarely into the palm of another company that has complete control over their operations.”