(Mint Press) – On Wednesday, 6 million user passwords from the professional networking site, LinkedIn were leaked on the internet in one of the largest online security breaches. Individuals with compromised accounts were sent cautionary emails, warning that information from profiles may have been stolen by hackers and cyber thieves. The company has not offered an explanation as to how the passwords were stolen, but is continuing to investigate the issue. Despite increased surveillance by law enforcement and watchdog groups, the latest attacks are part of a growing trend affecting internet users worldwide.
LinkedIn compromised accounts
While the 6 million leaked passwords represents one of the largest online security breaches, the vast majority of LinkedIn’s 160 million users are not affected by these developments. However, Vicente Silveira, a company spokesman, offered cautionary advice in a June 6 blog post on the LinkedIn website, saying,
“While our investigation continues, we thought it would be a good idea to remind our members that one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites. Use this as an opportunity to review all of your account settings on LinkedIn and on other sites too. Remember, no matter what website you’re on, it’s important for you to make sure that you protect your account security and privacy.”
Users with compromised accounts will notice that their profiles are, “no longer valid,” but will receive instructions via email on how to change passwords and reactivate their profiles.
The password leaks, as Silveira notes, could have a multiplying effect since many individuals use the same passwords for Gmail, Paypal and a host of other online accounts. Matt Cutts, head of Google’s webspam team offered a succinct statement to followers on his Twitter page, remarking, “Use the same password on LinkedIn & Gmail? I’d change both immediately.”
LinkedIn is a professional networking site founded in 2003. Much like Facebook, LinkedIn provides an online platform for users to view each other’s online profiles and exchange information. The site is geared toward an older, professional demographic interested in networking for jobs and career opportunities. Users often post resumes and personal contact information, a particularly concerning aspect of the recent security breach.
eHarmony also affected
The online dating site, eHarmony was also affected by the onslaught of cybertheft this week, with the company reporting 1.5 million user passwords had been stolen from their website. The California-based company founded in 2000 matches single men and women interested in finding a long-term relationship. Much like the LinkedIn leaks, the eHarmony incident affects only a fraction of the site’s 20 million users.
One of the main concerns for both sites is the rise of, “phishing” in which hackers craft phony emails to look like they are originating from legitimate sources. The hope for cybercriminals is to trick users into willfully providing personal information, such as bank account and credit card numbers, and social security numbers.
The problem is a growing one, with hundreds of millions of phishing emails sent every year. In January, Google, Yahoo, Facebook, Microsoft and 11 other tech companies began to develop a jointly designed system to combat cyber-scams. Additionally, The Anti Phising Working Group (APWG), an independent citizen response to the widespread problem, tracks cases and provides information to the public on how to prevent identity theft on the Internet.
While numbers are not yet available for 2012, APWG estimates that there were 144,114 recorded cases of phishing in the 2nd half of 2011 alone. In the month of December, more than 32,000 cases were reported, one of the highest months ever recorded, according to the APWG trends report.
The problem has become so acute that the Federal Bureau of Investigations (FBI) has developed a unit to track and catch cyber criminals. Shawn Henry, former assistant director of the Cyber Division, detailed the spectre of increased criminal activity over the Internet in a previous statement, saying,
“We see three primary actors: organized crime groups that are primarily threatening the financial services sector, and they are expanding the scope of their attacks; state sponsors—foreign governments that are interested in pilfering data, including intellectual property and research and development data from major manufacturers, government agencies, and defense contractors; and increasingly there are terrorist groups who want to impact this country the same way they did on 9/11 by flying planes into buildings. They are seeking to use the network to challenge the United States by looking at critical infrastructure to disrupt or harm the viability of our way of life.”
While many of the attacks are aimed at the financial services sector and the federal government, citizens are cautioned against sharing information with unknown sources. Internet users who suspect they have uncovered a cyberscam can report the incident to the Internet Crime Complain Center by going to http://www.ic3.gov/complaint/default.aspx.
Shawn Henry alluded to the growing risk in the same interview saying, “We are not going to back away from the Internet. As technology increases, the challenge becomes greater.” By reporting attacks or threats to Internet safety, authorities can record, track and crack down on offenders.