The reports of further LinkedIn user’s passwords being sold online, following a hack four years ago, demonstrates the need for businesses to consider security procedures before a data breach forces them to – prevention is always better than cure. Customers that entrust their private information to an online provider should be able to rest safely in the knowledge it is kept in a secure manner; and all companies who handle private data have a duty to secure it.
In this particular case, the leaked data contains e-mail addresses and associated unsalted password hashes. Cybercriminals have the opportunity to use this information to steal personal identities or more. Unfortunately, once a breach of this nature has occurred, there is not much that can be done about the leaked data. While LinkedIn has taken the precaution of invalidating the passwords of the accounts impacted, and contacting those members to reset their passwords, the chances are that many will use the same password across multiple online accounts. So it’s important that LinkedIn users take steps to change the password for other online accounts where they have used the same password.
Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to protect their customer’s information including obscuring (hashing and salting) customer passwords which it appears LinkedIn did not have in place. The best way for organisations to combat cyber-attacks is at the beginning; by having an effective cyber-security strategy in place before the company becomes a target.”