LinkedIn, June - Major Security Breaches
Astute readers of an online message board figured out that an anonymous posting of 6.5 million user passwords on a Russian hacking site belonged largely to users of professional networking site LinkedIn (other sites, including Last.fm and eHarmony, were also affected). LinkedIn confirmed the breach, which occurred when hackers were able to undermine the company’s encryption. The passwords were “hashed” with a one-way algorithm, which means hackers don’t automatically have all the necessary bits and bytes to log into someone’s account, but the passwords were not “salted,” which means that hackers could eventually use the data they do have to recover the full passwords. LinkedIn has faced other security issues this year: automatic updates from the company’s iPhone app to shared iOS calendars included details that were supposed to stay private, like conference call passwords. The password breach was due to LinkedIn not using strong enough encryption, while the calendar leak was the result of LinkedIn’s failure to fully test its app before publishing an update.
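What "hashed but not salted" means for a credential store, as an added example that is not from the original article or from LinkedIn: without a salt, equal passwords produce equal digests, while a per-user salt with a slow key-derivation function removes that link. The article does not name the hash, so SHA-1, the PBKDF2 parameters, the helper names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); alice and bob share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

def unsalted_digest(password):
    # Assumption: SHA-1 stands in for the hash the article leaves unnamed.
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, iterations=600_000):
    # Hardened form: random per-user salt plus a deliberately slow KDF.
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

def shared_digests(digests):
    # Audit check: digests held by more than one account indicate a store
    # where one computation (or one precomputed table) applies to many users.
    counts = Counter(digests)
    return {d for d, n in counts.items() if n > 1}

def build_stores(accounts):
    weak = {user: unsalted_digest(pw) for user, pw in accounts.items()}
    strong = {user: salted_record(pw) for user, pw in accounts.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_stores(ACCOUNTS)
    print("unsalted, shared digests:", len(shared_digests(weak.values())))
    print("salted, shared keys:", len(shared_digests(r[2] for r in strong.values())))
    print("login still works:", verify("linkedin2012", strong["bob"]))
```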