Jun 08 2012

There are some sites I like more or less, some I visit for pure, stupid fun, and some I look up to and trust. LinkedIn belongs to yet another special category, one of the few I invest quite some time in and, like most of us, expect a lot in return, hoping to land a (better) job or freelance gig, or just to network or get in contact with good prospective employees.

As you probably know, some LinkedIn user passwords were recently stolen, but in an encrypted format. The breach was discovered because the thieves were posting ads in their bizarro world’s Craigslist counterpart, asking for help in deciphering, which means sooner or later some of them will be (or already are) deciphered. Therefore, I strongly suggest you change your LinkedIn password regardless of whether you received any notes about your account being hacked. Moreover, if you were using the same password on that account as on some other, change the passwords on the other accounts as well to something completely different, and never again keep the same password on multiple accounts. Seriously. Get a password manager instead.

In my post about password managers on Android phones you can read about my three apps of choice for storing and synchronizing credentials between phones and computers, some also compatible with iPhone, Android and a multitude of other devices. Otherwise, if you keep the same passwords on multiple accounts, I will look for you, I will find you, and then I’ll be very angry at you. Or perhaps the hackers will find you first and then you will be very angry at yourself. Joking aside, let me repeat myself because I work in the Department of Redundancy Department, The City of Repeat City: if you haven’t already done this, it’s about time you manage your passwords and keep them all different so hackers can’t access many of your accounts if they gain access to one. I was so right last year when I said here that the Sony PlayStation Network intrusion was just the beginning and things will only get worse.

Back to the subject: needless to say, I changed my LinkedIn account password soon after reading the news, but I (still) didn’t get any notes from them, and the fact that only some passwords were stolen and that they were in an encrypted form will probably keep some people feeling safe. I’m worried, though, far more than when my account with Sony PlayStation Network was possibly hacked. Why?

The Sony breach exposed “only” my account credentials and possibly my financial information, and while that sounds terrible at first, I just changed my password, my credit card, and monitored my credit card transactions more closely. That’s it. Had they used my credit card for some fraudulent transactions, it would have been relatively easy to contest them. The LinkedIn breach, however, goes far beyond being worried about my account only. It brings in a new concern about my business identity. Considering that I’m in my forties, my career has brought in a lot of money and I’m counting on it bringing much more in the future, so my LinkedIn information is there, gathered to give an utter quality and sheer excellence picture of me, and that includes a lot of personal information that can’t be found piled up together at any other place. Because of this I already took out a lot of the information from my public LinkedIn profile on the web, but this is still visible to all my contacts from inside. Yes, it’s possible to collect most of that information from various sites, including the places where I worked, lived, owned and the amount I paid for them, but that would require too much work, while this is something more personal, nowhere else served on a plate like here. If I were to steal my identity or use it to land some kind of a gig, LinkedIn would be the first station – it tells quite a story, easily tempting for the hustling genii who do social engineering.

In the beginning, when social networks were taking off, I thought that Facebook and LinkedIn would cut spam to virtually zero, but there arose another kind of malware/nuisance: I started receiving notes with links from friends who swore they never sent them, and it was enough for only one of my connections to click on a malicious link to grant access to their profile and have the malicious thingamajigger send all of their friends/connections stuff as if the hacked person did it (for example, see my post about Osama Bin Laden execution video). That is the reason I don’t accept any game or external app invitations on Facebook (and could be the reason why their marketing is not working that great, since many users like me could be hesitant to click on any unknown links when logged into our own friends and family world).

For that and other reasons I already withdrew my profile from public access and left a limited amount of information. My friends and connections I can’t control, but I hope and pray that they change their passwords frequently.
