By: Thandisizwe Mgudlwa – AfricanBrains
A warning to SA users is that passwords of 6.5 million LinkedIn users are reported to have been hacked.
According to a recent Mashable report, poor security practice at LinkedIn allowed for hackers to successfully access the passwords of more than 6.5 million account holders.
These passwords showed up on a Russian forum in SHA-1 (hashed) format to prove that the hackers had indeed succeeded in penetrating LinkedIn.
As LinkedIn cookies are not encrypted and expire only a year after being accessed, ESET Southern Africa warns local users to update all their social media passwords immediately, or run the risk of having their personal profile invaded.
With LinkedIn being a business-oriented social networking site, professionals share real, personal and industry information with their contacts, as opposed to what party they plan to attend or which games they are playing, which may be seen on networks like Facebook.
Carey van Vlaanderen, CEO of ESET Southern Africa says: “There is a good chance that if the hacker(s) achieved access to LinkedIn passwords then they also know the corresponding LinkedIn usernames, i.e. the matching email address of the account owner,” she says
“Besides changing your password regularly, it’s a good idea to review your user settings and try to understand, limit or narrow access to your key information to those with whom you intend to share.”
ESET is a global provider of security software for enterprises and consumers and is dedicated to delivering instant, comprehensive protection against evolving computer security threats.
For the time being ESET advises South Africans that cookies should be deleted and unsecured wireless network connections are kept to a minimum.
In doing so, users can help prevent unintended data sprawl, which in turn means that other user accounts, which might become compromised, won’t have as much of a direct effect on personal information.
Van Vlaanderen also issued the following warning to SA LinkedIn users: “It’s important that you don’t confirm your LinkedIn email address and password in a pop-up browser or on any other membership site.” Instead, navigate to the LinkedIn site directly by typing in the full URL in the address bar.