Friday, June 8, 2012
Password Theft: Hacking Probe At LinkedIn
Millions of users of the social networking website LinkedIn have been told to reset their passwords after security information was stolen.
The site, which is aimed at professionals and has in excess of 161 million members in more than 200 countries, was compromised and members' details were posted online.
LinkedIn director Vicente Silveira said in a statement: "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts."
He said the company was investigating the security breach and added that those who were affected will notice their LinkedIn passwords will no longer be valid.
It is thought the passwords of more than 6.5 million people were stolen.
Mr Silveira said: "Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
"These members will also receive an email from LinkedIn with instructions on how to reset their passwords."
Users were told they should never change their passwords by following a link sent in an email.
"These affected members will receive a second email from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords," Mr Silveira added.
IT security and data protection firm Sophos said the leaked encrypted data does not include associated email addresses but warned that hackers will be working to crack the "unsalted" password hashes and "it is reasonable to assume that such information may be in the hands of the criminals".
Graham Cluley, senior technology consultant at Sophos, said: "It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step."
Mr Silveira said LinkedIn had recently improved its security, which included the "hashing and salting" of current password databases.
California-based LinkedIn launched in 2003 and made its stock market debut in May 2011 in the hope of raising money for expansion.
LinkedIn gets more than two-thirds of its revenue from fees it charges companies, recruiting services and other people who want broader access to the profiles and other data on the company's website. The rest comes from advertising.
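The difference between the "unsalted" hashes Sophos describes and the "hashing and salting" LinkedIn says it has adopted, shown as an added example that is not part of the original article or LinkedIn's code. The account names, passwords, SHA-256 digest and PBKDF2 work factor are all assumptions chosen for illustration; the article does not say which algorithm was used.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users happen to share a password.
ACCOUNTS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "c0rrect-horse"}

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_record(password: str) -> str:
    """Bare digest: the same password always produces the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, key) using a per-user random salt and a slow KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = salted_record(password, salt)
    return hmac.compare_digest(key, stored_key)


def distinct_values(records) -> int:
    """Fewer distinct values than users means shared passwords are visible."""
    return len(set(records))


def demo() -> dict:
    unsalted = [unsalted_record(p) for p in ACCOUNTS.values()]
    salted = {user: salted_record(p) for user, p in ACCOUNTS.items()}
    return {
        "unsalted_distinct": distinct_values(unsalted),
        "salted_distinct": distinct_values(key for _, key in salted.values()),
        "alice_ok": verify("Summer2012!", *salted["alice"]),
        "alice_wrong": verify("summer2012!", *salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted storage the two accounts sharing a password collapse to one stored value, so a single precomputed guess covers both; with per-user salts every record is different and each must be attacked separately at the KDF's cost.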
Monday, May 28, 2012
Using Your Fingers Instead of Passwords
By Kendra Srivastava
Tablet owners may soon unlock their devices using biometric sensors, as security technology progresses beyond traditional passwords.
Napa Sae-Bae, a graduate student at the Polytechnic Institute of New York University, is creating an iPad app to verify users' hand shape and finger length. Sae-Bae's biometric analyzing algorithm has already yielded a 90 percent accuracy rate, suggesting her innovation may have widespread application when it debuts in a year.
This project improves on Sae-Bae's existing tablet app, which unlocks iPads in response to hand gestures like palm rotation.
"Unlike gestures, fingerprints are physiological physical traits that you can't change," she explained about her current research. "There's the feeling that these are supposed to be secure and private."
Biometric identification research like Sae-Bae's may revolutionize the mobile industry if it succeeds, as consumers demand new and better ways to protect their data against hackers.
A hospital in Canada already uses fingerprint scanners to verify doctors' identities, allowing them to reach medical records with one swipe rather than entering long passwords.
Fujitsu, a Japanese company, is developing another kind of biometric sensor called PalmSecure that recognizes users' vein patterns instead of fingerprints or hand length.
The company maintains that hand veins never change, while fingerprints and other external hand features may fade or scar over time.
Echoing Fujitsu's logic, researchers at the National Chung Hsing University in Taiwan are building heartbeat scanners to identify mobile phone and tablet owners. Every person's heartbeat is unique, making this biological marker an ideal password.
These seemingly foolproof innovations are designed to prevent the increasing incidence of hackers stealing or cracking personal and company passwords. Recent hacks against worldwide governments and corporations suggest no traditional password is safe, not even those at the Pentagon or FBI.
Despite the danger, many mobile phone owners and IT departments still use convenient security codes like "password1" or "1234," leaving them easily susceptible to malicious intrusions.
But while a palm or retina-scanning app may end the need for such passwords, this technology could also backfire.
For example, the facial detection system on Samsung's Galaxy Nexus is easily fooled by a picture, negating its usefulness as a security tool.
Biometric identification may discourage today's hackers more effectively than traditional passwords, but like any security tool it will likely challenge a new breed of hackers to twist it for their purposes.