Another scandal with hacked accounts has rocked the network and gave us another reason to think of the importance of two-factor auth for everyone.<\/p>\n
This time, the data protection system of LinkedIn<\/em>, the largest social network for business people, was compromised. Actually, this data leakage happened four years ago, in summer 2012. Back then hackers got an access to the email addresses and passwords of the LinkedIn<\/em> users. Shortly after that 6.5 million of them were put on the Internet. The company could not deny hacking and decided to reset the passwords for those accounts whose data were published. But the losses the LinkedIn<\/em> data protection system suffered in 2012 appeared to be higher than it was supposed earlier.<\/p>\n A few days ago a hacker who calls himself Peace_of_mind<\/em> posted an offer for the sale of information about the LinkedIn<\/em> users on one of the DarkNet<\/em> trading platforms. The hacker sells the data of 167 million accounts (117 million of them with passwords) for the $2,200, but in Bitcoins. According to the LinkedIn<\/em> experts and representatives, this is that very database “leaked” four years ago.<\/p>\n Soon after the database of 167 million LinkedIn<\/em> users went on sale, a group of fraudsters OurMine Team<\/em> hacked several Twitter<\/em> and Tumblr<\/em> accounts of famous people. Among the victims are Markus Persson<\/em>, an author of a famous game Minecraft<\/em>, a pop star David Choi<\/em> and even the founder of Twitter<\/em> Biz Stone<\/em>. The hackers argue they didn’t use the data of 2012 leakage. But all the victims had LinkedIn accounts bound to other accounts and were among those compromised in 2012. Is it a coincidence?<\/p>\n In order not to lose more than has been lost because of the hackers\u2019 attack and the negligence of LinkedIn<\/em> leadership you should immediately do three following things:<\/p>\n The last point should be considered in more details. Many users believe that 2-factor authentication is troublesome, time-consuming and not always reliable. I must say, this point of view is not unreasonable if you mean the usual 2FA (2-factor authentication) via SMS-messages. It is not a problem for experienced hackers to intercept an SMS. Telephone networks typically use open unencrypted communication channels. So is it worth spending time on sending and receiving one-time passwords, which can be intercepted?<\/p>\n Today two-factor auth methods go beyond the SMS-messaging. One of the best user authentication tools is hardware token. Using the hardware security token you can make 2-way authentication more secure. TOTP hardware tokens operate autonomously and generate one-time passwords without connecting to open networks. Unlike computers and smartphones, the autonomy of the hardware token prevents it from being infected by Trojans or other viruses. Modern hardware tokens even provide an opportunity to change some options of the password generation without affecting its reliability. For example, the Protectimus OATH hardware tokens (Slim mini, Smart, etc.) allow changing some settings: choosing the length of the OTP, activation of the PIN-code protection, and the client can even setup the necessary lifetime of the generated OTP passwords.<\/p>\n These features can significantly complicate the interception and guessing of the password by fraudsters.<\/p>\n Nowadays, the majority of sites and services, including LinkedIn<\/em>, support two-factor auth. But nobody usually forces to use it. So, it is up to you to decide whether your network life to be safe and secure or not.<\/p>\n<\/span>","protected":false},"excerpt":{"rendered":" Another scandal with hacked accounts has rocked the network and gave us another reason to think of the importance of two-factor auth for everyone. This time, the data protection system of LinkedIn, the largest social network for business people, was compromised. Actually, this data leakage happened four years ago, in summer 2012. Back then hackers […]<\/p>\n","protected":false},"author":10,"featured_media":4394,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[7],"tags":[202,118,99],"class_list":["post-1731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news","tag-cybersecurity","tag-data-protection","tag-two-factor-authentication"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=1731"}],"version-history":[{"count":2,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1731\/revisions"}],"predecessor-version":[{"id":4395,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1731\/revisions\/4395"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/4394"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=1731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=1731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=1731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What should the LinkedIn hacking victims do?<\/h2>\n
\n