Wednesday, June 6, 2012

Does anyone care about LinkedIn password breach?

The tagline of this blog is "shaping your online identity to balance community with privacy". The report of 6.5 million unsalted SHA-1 password hashes, claimed to be from LinkedIn, hasn't "lit up the phone lines" so far. Yes, there are hundreds of Tweets reposting the news with some cynicism. It is too early to tell why the reaction of the community has been so limited. But with over 160 million LinkedIn members (end of Q1 2012), everyone should be aware of how their online identity could be altered where it matters most - their business network. You could be one of the 1 in 25 members whose password has been exposed. We should be on the lookout for unexpected invitations.

A social media network thrives upon a community knowing that the host protects them from unwanted relationships. I am a bit surprised that a social media company has had a decidedly unsocial response. Here are the four (yes, only four) tweets in the first 17 hours from @LinkedIn since the news broke.

It is late at night as I write this, so one probably doesn't expect much. However, I would like to believe that the company is working hard at the problem. Perhaps there hasn't been much outcry from LinkedIn members yet. This is partly because the LinkedIn website has no mention of a problem.

Interestingly, security researchers seem to be ahead of the game. @SophosLabs suggested changing your password four hours ahead of LinkedIn.

Why the low-key response? cnbc.com suggests LinkedIn stock is Teflon, so despite 1 in 25 of its customers being at potential risk, such a security problem isn't being taken seriously. Sophos Labs has a blog post explaining what LinkedIn meant by "passwords that are reset will now be stored in salted hashed format". LinkedIn closes its blog post announcing the breach with "We take the security of our members very seriously", but apparently not seriously enough to salt its hashes until after being breached.

What about us? It seems we need our social communities these days, so one either protects oneself as much as possible within the network (you did change your LinkedIn password?) or pays the opportunity cost of lost connections by leaving the network. Either way there is a price to pay.
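To make concrete what "salted hashed format" changes, here is an added illustration (my own example code, not LinkedIn's or Sophos's) of the two storage schemes side by side. The usernames and passwords are constructed sample data. It goes one step beyond the page by using PBKDF2 (an iterated, salted hash from Python's standard library) as the salted scheme, since a bare salted SHA-1 would still be a fast hash; the point demonstrated is the same: unsalted SHA-1 maps equal passwords to equal hashes, so a leaked table reveals password reuse and can be matched against precomputed hashes, while a per-user random salt makes every stored value unique even for identical passwords.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample accounts; two of them happen to share a password.
SAMPLE_PASSWORDS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",
    "carol": "correct horse battery",
}


def unsalted_sha1(password: str) -> str:
    """The scheme revealed by the leak: a bare SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = 100_000) -> str:
    """Salted, iterated scheme: 'iterations$salt_hex$derived_key_hex'.

    A fresh 16-byte random salt is drawn per user unless one is supplied
    (supplying one is only useful for deterministic tests).
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def build_table(scheme) -> Dict[str, str]:
    """Store every sample account under the given hashing scheme."""
    return {user: scheme(pw) for user, pw in SAMPLE_PASSWORDS.items()}


def duplicate_groups(table: Dict[str, str]) -> List[List[str]]:
    """Group users whose stored values are identical.

    With unsalted hashes this exposes password reuse directly from the
    table, without recovering a single password; with per-user salts the
    table carries no such information.
    """
    by_hash: Dict[str, List[str]] = {}
    for user, stored in table.items():
        by_hash.setdefault(stored, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]


if __name__ == "__main__":
    unsalted = build_table(unsalted_sha1)
    salted = build_table(salted_hash)
    print("unsalted duplicates:", duplicate_groups(unsalted))   # [['alice', 'bob']]
    print("salted duplicates:  ", duplicate_groups(salted))     # []
    print("login check:", verify_salted("linkedin2012", salted["alice"]))  # True
```

Running it shows one duplicate group under unsalted SHA-1 and none under the salted scheme, while `verify_salted` still authenticates the right password. Note that salting alone does not slow down guessing of a single weak password; that is what the iteration count is for, and why a purpose-built password hash rather than plain SHA-1 is the usual recommendation.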