12/7/2023

LinkedIn data breach

According to the article on Forbes, LinkedIn had a data breach in April 2021, where the personal data of over 700 million LinkedIn users was exposed online. Some of the legal problems faced by LinkedIn after the data breach are:

1. Investigations by regulatory authorities: After the data breach, LinkedIn faced investigations from regulatory authorities, including the Irish Data Protection Commission, which is the lead supervisory authority for LinkedIn in the European Union. These investigations could result in fines and other penalties if LinkedIn is found to have violated data protection regulations.

2. Lawsuits by users: LinkedIn also faced lawsuits from users who claimed that their personal information was exposed in the data breach, and that LinkedIn was negligent in safeguarding their data. These lawsuits could result in significant legal costs and damages for LinkedIn.

3. Damage to reputation and loss of trust: The data breach could also damage LinkedIn's reputation and lead to a loss of trust among its users, potentially leading to a decline in user engagement and revenue.

A LinkedIn ‘Breach’ Exposes 92% Of Users-And Other Small Business Tech News. Forbes.

Citrix called the incident a “very sophisticated password attack,” but that isn’t the reality of the situation; there’s nothing sophisticated going on. These are straight brute force attacks with a high degree of success, largely because the leaked LinkedIn records have allowed the attacker to reuse credentials directly, or enumerate them slightly, in order to gain access.

It isn’t clear if the active cases are all related, or if there is more than one attacker or group conducting the raids. What is clear is that some of the organizations caught up in this situation are large ones, and the only reason they’re in this mess is due to recycled credentials.

There’s a method to the madness:

An attacker who has the LinkedIn list knows a person’s name, their work history, and their password. Thus, the attacker now has a list of possible targets, a good idea of how network IDs are generated, and some base passwords to start with. There’s more work to be done, as the attacker has to identify services and systems exposed to the public, but this isn’t an impossible task.

The point, Barak added, was to ensure that the exposure of a user’s password wouldn’t be enough to compromise their account.

Sadly, in many of the examples shared with Salted Hash, there was a direct relation between the compromised organization and the leaked LinkedIn account data set – so the username and password on LinkedIn were the exact combination needed to access the corporate network.

But even when there wasn’t a direct relation, the information available from the LinkedIn list allowed some basic guesses that resulted in successful compromises. For example, if there was a mismatch with the network ID, altering it slightly to match public email addresses often worked (e.g.

Two-factor authentication wasn’t a factor in any of the breach examples shared with Salted Hash. Again, this is because the compromised organizations didn’t use such features.

GoToMyPC isn’t the only service provider that’s been targeted recently.

Earlier this month, TeamViewer users reported system compromises, and at least some of them admitted to reusing passwords. Last week, LogMeIn proactively reset accounts where it was determined a customer was recycling their LinkedIn password. On Tuesday, Carbonite reset all of their customers’ passwords after detecting login attempts using recycled credentials.

Weak password policies and recycled credentials are a serious problem.

At the same time, this problem is one that isn’t easily fixed. Humans have developed some bad habits when it comes to passwords and access, and corporate policies that limit complexity and require easily guessed formats further enable these bad habits.

In hindsight, the organizations that were compromised due to the LinkedIn list made plenty of mistakes that proactive measures would have fixed. But singling them out, as if they’re something unique, would be a mistake.