It’s been a hard week in Internet-ville, as some of the most well-known web applications have proven to be vulnerable. Major websites such as business social network LinkedIn, dating site eHarmony and Last.fm have had their password hashes leaked, and LinkedIn’s iOS app has been found shipping users’ calendar data to LinkedIn’s servers. Here’s a rundown of each:
Hacked Website #1: LinkedIn
According to Norwegian site Dagens, LinkedIn had 6.5 million password hashes compromised, many of them already cracked, by a Russian hacker posting online under the name “dwdm”. He posted these hashes on a website last Wednesday and scared a lot of people, considering the reputation the company has.
The number of LinkedIn passwords compromised in the breach could be far higher than the 6.5 million initially reported, according to Imperva. The security firm argues that, although only around 6.5 million password hashes have been posted online, the unknown hacker most likely holds far more data.
According to the Financial Post, at least two security experts who examined the files containing the LinkedIn passwords said the company had failed to use best practices for protecting the data.
“The experts said that LinkedIn used a vanilla, or basic, technique for encrypting, or scrambling, the passwords which allowed hackers to quickly unscramble all passwords after they figured out the formula by which any single password had been encrypted.
The social network could have made it extremely tedious for the passwords to be unscrambled by using a technique known as “salting,” which means adding a secret code to each password before it is encrypted.
‘What they did is considered to be poor practice,’ Mary Landesman, senior researcher with messaging security firm Cloudmark, said.
LinkedIn officials declined to comment on the criticism, saying it was discussing the breach only on its official blog.”
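To make the salting argument above concrete, here is an added Python example (written for this page; it is not code from LinkedIn, the Financial Post or the quoted experts). It builds a constructed four-account dump two ways: as unsalted SHA-1, like the “vanilla” scheme the experts describe, and with a per-account random salt plus PBKDF2-HMAC-SHA256 as a hardened alternative (the 50,000-iteration work factor is an assumption, not a figure from the article). It then runs the same dictionary attack against both and counts the hash computations, and shows the local hash-and-compare check that a leak checker can perform for the unsalted list without the plaintext ever leaving the user.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample accounts and wordlist for this example; not real leaked data.
USERS = {
    "alice": "linkedin",
    "bob": "password1",
    "carol": "linkedin",     # same password as alice
    "dave": "Tr0ub4dor&3",   # not in the wordlist, so it will not be cracked
}
WORDLIST = ["123456", "password", "linkedin", "password1", "letmein"]
ITERATIONS = 50_000        # assumed PBKDF2 work factor for the hardened scheme


def vanilla_hash(password):
    """Unsalted SHA-1: the 'vanilla' scheme criticised in the article."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt, iterations=ITERATIONS):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_unsalted_dump(users):
    """username -> sha1(password), as a site using the vanilla scheme stores it."""
    return {user: vanilla_hash(pw) for user, pw in users.items()}


def build_salted_dump(users, iterations=ITERATIONS):
    """username -> (salt, pbkdf2(password, salt)); a fresh random salt per account."""
    dump = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        dump[user] = (salt, salted_hash(pw, salt, iterations))
    return dump


def crack_unsalted(dump, wordlist):
    """Dictionary attack on unsalted hashes.

    Each candidate word is hashed once and looked up against every account at
    the same time, so accounts sharing a password fall together and the work
    is proportional to the wordlist, not to the number of users.
    Returns (cracked {user: password}, number of hash computations).
    """
    by_hash = defaultdict(list)
    for user, digest in dump.items():
        by_hash[digest].append(user)
    cracked, work = {}, 0
    for word in wordlist:
        work += 1
        for user in by_hash.get(vanilla_hash(word), []):
            cracked[user] = word
    return cracked, work


def crack_salted(dump, wordlist, iterations=ITERATIONS):
    """The same dictionary attack against salted hashes.

    The salt differs per account, so every candidate must be re-derived for
    every account, and each derivation costs `iterations` rounds instead of a
    single SHA-1 call. Returns (cracked {user: password}, number of KDF runs).
    """
    cracked, work = {}, 0
    for user, (salt, digest) in dump.items():
        for word in wordlist:
            work += 1
            if salted_hash(word, salt, iterations) == digest:
                cracked[user] = word
                break
    return cracked, work


def password_in_dump(password, dump):
    """What a leak checker can do with an unsalted list: hash the password
    locally and test membership, so the plaintext never has to be sent anywhere."""
    return vanilla_hash(password) in set(dump.values())


if __name__ == "__main__":
    unsalted = build_unsalted_dump(USERS)
    found, work = crack_unsalted(unsalted, WORDLIST)
    print("unsalted:", found, "hash computations:", work)
    salted = build_salted_dump(USERS)
    found, work = crack_salted(salted, WORDLIST)
    print("salted:  ", found, "KDF computations:", work)
```

With the sample data the unsalted attack cracks alice, bob and carol with five SHA-1 calls, and alice and carol are visibly the same hash before any cracking starts. The salted attack recovers the same three accounts but needs fifteen PBKDF2 runs of 50,000 rounds each, and the shared password is no longer visible in the dump. Scaled to millions of accounts and a wordlist of millions of candidates, that multiplication is the “extremely tedious” the experts refer to.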
Hacked Website #2: eHarmony
Hacked Website/App #3: LinkedIn’s iOS App
Meanwhile, a pair of researchers with Israeli firm Skycure revealed details of a data-sharing issue with LinkedIn’s iOS app.
Yair Amit and his colleague Adi Sharabani found that the app sent users’ calendar information to the company’s servers without warning them.
The problem affects users who enable the feature that lets them view their iOS calendar within the app.
“The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes,” the researchers wrote in a blog post.
The researchers said they informed LinkedIn about the potential risk of obtaining user details without permission, but the issue had not yet been fixed.
Hacked Website #4: Last.fm
“As a precautionary measure, we’re asking all our users to change their passwords immediately,” Last.fm said on its blog.
So, what can I do?
Step 1: Change Your Password!!!
Change it on the affected site, and anywhere else you reused the same password: once a hash is cracked, the attacker has the plaintext and can try it against every other account you own.
Step 2: Check the Leaked List with LastPass
LastPass, which built a tool that lets LinkedIn and eHarmony users check whether their passwords are among those compromised, believes that because cracking the hashes takes time to compute, the hacker is calling on the hacker community to help finish the list.
“At this rate, the remaining list should be cracked soon,” LastPass said.
eHarmony and LinkedIn have both apologized for the security breach and are urging users to change their passwords as soon as possible.