Password security is of the utmost importance for individuals, but even MORE important for the people you entrust those passwords to.
So you can understand why it’s a bit scary that the social networking site for business connections, LinkedIn, was hacked and just this side of 6,458,020 passwords were accessed.
An unnamed individual, and former user of the professional connections website, revealed the passwords online as proof – granted, he published the list without the accompanying usernames. It appears he isn’t malicious, just resourceful enough to figure out their system.
Mashable spells out how this was accomplished.
The passwords are encrypted with the SHA-1 cryptographic hash function, used in SSL and TLS and generally considered to be relatively secure, but not foolproof. Unfortunately, it also seems that passwords are stored as unsalted hashes, which makes it much easier to decipher them using pre-computed rainbow tables.
Unsalted hashes? Everyone likes a little seasoning on their hash, right? Rainbow tables? Really? Are these real terms? Of course they are.
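To make those two terms concrete, here is an added example (not code from LinkedIn or Mashable) that contrasts bare SHA-1 storage with a per-user salt and a slow key-derivation function. The sample passwords and user names are constructed, a plain dictionary stands in for a real rainbow table, and the PBKDF2 iteration count is an assumed setting.

```python
import hashlib
import hmac
import os

# Constructed sample passwords; none are taken from the leaked list.
COMMON_PASSWORDS = ["password", "linkedin", "123456", "letmein"]

def unsalted_sha1(password: str) -> str:
    """The storage scheme the quote describes: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def build_lookup_table(candidates):
    """Simplified stand-in for a rainbow table: hash -> password.
    Computed once, then reusable against every unsalted hash."""
    return {unsalted_sha1(p): p for p in candidates}

def salted_hash(password: str, salt: bytes = None, iterations: int = 600_000):
    """Hardened form: random per-user salt plus PBKDF2-HMAC-SHA256.
    The iteration count is an assumed value for this example."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes, iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Two constructed users who happened to choose the same password.
    alice = unsalted_sha1("linkedin")
    bob = unsalted_sha1("linkedin")
    same_unsalted = alice == bob      # identical hashes reveal the shared password
    recovered = table.get(alice)      # a single lookup, no per-user work
    salt_a, hash_a = salted_hash("linkedin")
    salt_b, hash_b = salted_hash("linkedin")
    same_salted = hash_a == hash_b    # different salts give different hashes
    in_table = hash_a.hex() in table  # the precomputed table no longer applies
    return same_unsalted, recovered, same_salted, in_table, verify("linkedin", salt_a, hash_a)

if __name__ == "__main__":
    print(demo())
```
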
Of course this doesn’t bode well for LinkedIn after there was already some bad press about their iOS app and how it potentially violates user privacy in the way it handles calendar entries.
I am going to go change my LinkedIn password and delete my calendar now. And yes, I will be wearing my tinfoil hat while I do it.