It’s no secret that LinkedIn experienced a large social network no-no this past week when over 6 million of its users’ passwords were leaked. It caused a great deal of havoc and anger amongst its over 100 million users.
Basically, what caused this to happen is the fact that LinkedIn encrypted the passwords using the SHA-1 algorithm, but didn’t use the proper security techniques that would have made cracking the passwords much more difficult for potential hackers, said Paul Kocher, President & Chief Scientist of Cryptography Research. The passwords were obscured using a cryptographic hash function, but the hashes used were not unique for each password. Therefore, once the hacker matched one hash to a password, that hash would be the same for all other identical passwords.
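The difference described above, as an added example that is not from the original article or from LinkedIn: unsalted SHA-1 gives identical passwords the same digest, while a per-user random salt with a slow key-derivation function (PBKDF2 here, chosen for illustration) gives every account a distinct record. The account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "S3parate!pw"}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def unsalted_sha1(password: str) -> str:
    """The weak scheme: identical passwords give identical digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)


def shared_digests(table: dict[str, object]) -> int:
    """Count stored values that appear for more than one account."""
    return sum(1 for n in Counter(table.values()).values() if n > 1)


def build_tables():
    """Store the same accounts under both schemes."""
    weak = {u: unsalted_sha1(p) for u, p in ACCOUNTS.items()}
    strong = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted digests shared by several accounts:", shared_digests(weak))
    print("salted records shared by several accounts:", shared_digests(strong))
    print("alice verifies:", verify(ACCOUNTS["alice"], *strong["alice"]))
```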
There is a great deal of highly sensitive information on the social network such as business deals, confidential job information, and personal conversations.
LinkedIn still doesn’t know who was actually responsible for the attack. LinkedIn is just focusing on ensuring members change their passwords and choose stronger passwords for increased security. However, according to security researcher Marcus Carey, “If a website has been breached, it doesn’t matter what encryption they’re using because the attacker at that point controls a lot of the authentication. It’s ‘game over’ once the site is compromised.”