LinkedIn confirmed a data breach Thursday night that compromised more than 6.5 million passwords. Last.fm and e-Harmony also had security breaches, with more than 1.5 million e-Harmony passwords taken.
A file containing the stolen LinkedIn passwords was posted in a Russian hacker forum earlier this week. The passwords were protected by a security tactic known as hashing, but many passwords were easy to decode, according to CNET.com.
Steve Cassady owns a consulting firm and advises clients on financial and operational strategy. As a frequent LinkedIn user, Cassady said he doesn’t trust the network any less after the attack. However, the news isn’t helping the social platform, which is currently searching for the source of the attack.
“As a trusted business network, it needs to step up its game given the commercial implication of any security breach and use stronger cryptography,” Cassady said. “LinkedIn needs to learn from this experience to protect its users and its image.”
LastPass.com created a site for users to check if their passwords were compromised, but LinkedIn advised everyone with an account to change their password as a safety precaution. LinkedIn, e-Harmony and Last.fm shut down accounts that were affected and sent emails to the owners notifying them of the security breach.
Cassady said that the incident highlights the importance of creating and using strong passwords. He said many of the compromised passwords were easy to guess, such as “Linkedin,” “Recruiter,” and “123456.”
“It shows a lack of sophistication by the user community in setting up their passwords on LinkedIn and likely on other sites,” Cassady said. “Users need to take precautions in creating strong passwords to protect themselves.”
Mashable created a tutorial to help individuals create strong passwords for LinkedIn and other social media sites. Users can change their LinkedIn passwords by signing in and changing their settings, located in the top right corner of the homepage.
According to Mashable, the security breach came after reports that LinkedIn’s iOS app may violate privacy rights by sending a user’s detailed calendar information to its servers. Many users posted comments on Facebook and Twitter expressing their frustrations. Adrian Chen, staff writer for Gawker.com, posted a comment on Twitter that was retweeted by more than 1700 followers:
“Warning: LinkedIn was hacked. Be on the lookout for spam emails that are slightly different from the emails LinkedIn usually sends.”