According to a recent Mashable report, poor security practice at LinkedIn allowed for hackers to successfully access the passwords of more than 6.5 million account holders.
These passwords showed up on a Russian forum in SHA-1 (hashed) format to prove that the hackers had indeed succeeded in penetrating LinkedIn.
As LinkedIn cookies are not encrypted and expire only a year after being accessed, security software provider, ESET Southern Africa warns local users to update all their social media passwords immediately, or run the risk of having their personal profile invaded.
With LinkedIn being a business-oriented social networking site, professionals share real, personal and industry information with their contacts, as opposed to what party they plan to attend or which games they are playing, which may be seen on networks like Facebook.
“There is a good chance that if the hacker(s) achieved access to LinkedIn passwords then they also know the corresponding LinkedIn usernames, i.e. the matching email address of the account owner,” said Carey van Vlaanderen, CEO of ESET Southern Africa. “Besides changing your password regularly, it’s a good idea to review your user settings and try to understand, limit or narrow access to your key information to those with whom you intend to share.”
For the time being ESET advises South Africans that cookies should be deleted and unsecured wireless network connections are kept to a minimum. In doing so, users can help prevent unintended data sprawl, which in turn means that other user accounts, which might become compromised, won’t have as much of a direct effect on personal information.
Van Vlaanderen also issued the following warning to SA LinkedIn users, “It’s important that you don’t confirm your LinkedIn email address and password in a pop-up browser or on any other membership site.” Instead, navigate to the LinkedIn site directly by typing in the full URL in the address bar.