Why all the fuss over stolen LinkedIn passwords:
No one really wants to break into your LinkedIn account and mess with your connections or employment history… well, maybe that embittered ex-love of yours, but not some faceless hacker on the internet who doesn’t know you beyond a login id…
So, why all the fuss over the 6.5 million stolen passwords from one social networking site? User behaviour is the answer to this question, my friends. With a large database of userID/password pairs, you can begin trying those on more critical sites to gain entry: banks or stock trading, email hosts, or even corporate VPNs. When Last.fm encountered the same kind of theft as LinkedIn in the same week, an even scarier pattern emerged, because the database now had two sets of data points against which to compare. As of this writing, a third site, eHarmony, has lost a similar amount of userID/password pairs to theft. Add that third set of data points and the database gives a very good view of which userIDs are commonly used across sites, and those are likely using the same passwords as well…
If nothing else, in this database you’ll have common userIDs and either one or multiple potential passwords to use as you attempt access to those more critical fiscal or intellectual property sites where valuable data is stored. It shouldn’t take much here to see the potential impact on your personal finances or even at a corporate espionage level (yes, such a thing does still exist and is actually more prevalent than ever with the widespread use of social media).
This all comes down to user behaviour and user psychology. With all the various logins and passwords we need to remember for the plethora of services and sites we use on a daily basis, most of us will stick with a common userID and likewise a common password or, at best, a common set of passwords. So while most people won’t be too concerned if their LinkedIn password has been stolen and will just log in to the site and change it, what may easily have escaped us is the need to change our passwords ANYWHERE that same userID/password pair is in use. The possible widespread ramifications of not taking action, or of taking action on only one site, are enormous.
I posted the following article from Slate.com to both my G+ and Facebook accounts earlier, but I figured this message stood to be repeated with more context.
Fix Your Terrible, Insecure Passwords in One Minute
In this article, the author Farhad Manjoo covers a few recommendations for improving the security of your accounts, both through services and through simply making smarter passwords. He has some very good ideas in there, and as such I highly recommend giving it a read-through.
But, even if you don’t bother with the article above, I implore you: go change your passwords now. Employ smarter password strategies by not using the same userID/password pairing across sites. You’ll be glad you did.
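To act on that advice, here is a small checker, added as an example and not part of the original post, that reads a password-manager export and reports every userID/password pair used on more than one site, plus which sites need a new password once a given site is known to have been breached. The CSV layout (site,username,password) and the sample rows are constructed assumptions.

```python
"""Find userID/password pairs reused across sites in a password-manager export."""
import csv
import io
from collections import defaultdict

# Constructed sample export (assumed columns: site,username,password).
SAMPLE_EXPORT = """site,username,password
linkedin.com,jdoe@example.com,Summer2012!
last.fm,jdoe@example.com,Summer2012!
bank.example,jdoe@example.com,Summer2012!
eharmony.com,jdoe@example.com,OtherPass9
mail.example,jdoe@example.com,OtherPass9
forum.example,jdoe_alt,Unique-Phrase-42
"""


def find_reused_pairs(csv_text, min_sites=2):
    """Return {(username, password): [sites]} for pairs used on >= min_sites sites.

    Matching on the whole pair mirrors the post's point: it is the leaked
    pair from one site that gets tried against the others.
    """
    sites_by_pair = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["username"].strip().lower(), row["password"])
        sites_by_pair[key].append(row["site"].strip().lower())
    return {pair: sorted(sites)
            for pair, sites in sites_by_pair.items() if len(sites) >= min_sites}


def sites_to_change(csv_text, breached_sites):
    """Sites that must get a new password because a breached site shares their pair.

    The result lists every *other* site using a pair that a breached site also
    used, which is exactly what users tend to overlook after a breach notice.
    """
    breached = {s.lower() for s in breached_sites}
    exposed = set()
    for sites in find_reused_pairs(csv_text).values():
        if breached.intersection(sites):
            exposed.update(s for s in sites if s not in breached)
    return sorted(exposed)


if __name__ == "__main__":
    # Report reuse without ever printing the password itself.
    for (user, _pw), sites in find_reused_pairs(SAMPLE_EXPORT).items():
        print(f"{user}: same password on {', '.join(sites)}")
    print("rotate:", sites_to_change(SAMPLE_EXPORT, {"linkedin.com", "last.fm", "eharmony.com"}))
```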
#StayVigilant my friends!