Following the news that 117 million LinkedIn logins have been put up for sale on the Dark Web, potentially from a hack that took place four years ago, various industry experts have offered their analysis.
Trent Telford, CEO at Covata:
The fact that such a huge number of credentials have been available to hackers for so long is deeply worrying, not least because it’s common knowledge that consumers tend to use similar – or indeed, the same – passwords and usernames across a number of sites. It’s also concerning that LinkedIn underestimated the scale of this breach and points to the need for better investigative tools once a breach happens.
What’s more, while the passcodes were protected with a level of encryption, it’s clear that this was nowhere near robust enough to properly protect user details. Arguably, what is the point of encrypting something if you don’t know who or why you are giving a key to someone? This is why verifying identity and creating stringent policies should be cornerstones in enterprise encryption strategies. If this latest breach teaches us anything, it’s that all encryption wasn’t created equal.
Lee Munson, Senior Researcher at Comparitech.com:
With a breach from years ago resurfacing to show a much bigger compromise, this should serve as a reminder to web users that data breaches can affect them even years after the event. In turn, this should encourage people to be more vigilant with their online accounts, ensuring they regularly change passwords and use different ones for each site to avoid all of their accounts being simultaneously compromised.
Nonetheless there will be many web users who will not ramp up their personal security in this way – but there are options such as password managers or setting up automatic reminders that can help this kind of user keep on top of their security. In a web where multiple options are on offer, it’s about each web user finding a means of keeping passwords unique and hard to guess, but manageable for everyday use, that works best for them – it’s not a one-size-fits-all thing!
Looking at the wider implications of the breach, the fear should be that this opens up a path of communication between criminals and CEOs, who can be sent personal messages from their connections. With access to high-profile LinkedIn accounts, cyber criminals can begin deploying social engineering tactics to the decision makers and executives who have the power to make the hackers very rich indeed. We’ll have to wait and see if and how this LinkedIn data is exploited by whomever buys it.
Toni Gidwani, director of research at ThreatConnect Inc:
The long lag time between the breach and passwords now appearing for sale suggests the data has already been mined for other nefarious purposes. LinkedIn, with its rich context of professional networks, is a gold mine for adversaries looking to social engineer targets for future attacks. Which are you more likely to open: an email from a Nigerian prince? Or a link in an article sent by someone you’ve worked with for years?
Four years after the fact, the breached data set still has some nominal monetary value, which is why it’s for sale for only a handful of bitcoin. But the trickier question is figuring out who has been exploiting the breached data for the last four years and to what end.
Rob Sobers, director at Varonis:
“The LinkedIn breach goes to show how a single significant breach can come back to haunt a business (and its customers) again and again. It also highlights just how in-the-dark companies typically are after a breach.
After a breach occurs we usually see a statement claiming that the security team has “isolated the affected systems,” but seasoned security researchers know that far too often the scope and severity of a breach is indeterminable due to a lack of comprehensive monitoring and logging.”