If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.
First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.
It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.
As a result, one of two things is happening:
- LinkedIn users receive an official, legitimate email from LinkedIn alerting them that their account has been locked due to unusual activity. This measure likely kicked in because of a brute force attack or because the attack occurred on an account using two-factor authentication. In this case, the account wasn’t compromised. However, these users then must reactivate their accounts per instructions provided by LinkedIn.
- Users try to log in and find that their password has been changed. Effectively, their account has been hacked. Reports show that some of these accounts get deleted. In other cases, the hacker changes the account’s email to an address using the “rambler.ru” domain, which makes the account unrecoverable by the user.
Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.
How quickly can someone hack my password with a brute force attack?
If any event underscores the need for strong, unique passwords, this is it.
Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.
Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.
(Using numbers, uppercase and lowercase letters, and symbols)
Time to Crack the Password
|16||16 Million Years|
However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.
How to protect yourself from the LinkedIn attacks.
Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:
- Enable two-factor authentication. You’ll find this in your security settings. Using two-factor authentication makes hacking your account far, far more difficult than hacking it with password protection alone.
- Set a new password. Make it strong and unique, using numbers, uppercase letters, lowercase letters, and symbols. As illustrated above, the longer the better—14 or even up to 16 characters.
- Confirm your contact email. LinkedIn will alert users of unusual activity. Ensure that the contact information in your account profile uses an email address that you regularly check.
How to create your own strong, unique password. One that you can still remember.
Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.
- Pick a phrase that is memorable for you: Don’t use easily discovered information, like your birthdate or pet’s name. Try something linked with an interest or hobby. If you’re an avid runner, you might choose a phrase like, “Running 26.2 Rocks!”
- Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some of the letters. Runn1ng26.2R0ck$!
- Include a mix of letter cases: Finally, you want lower and uppercase letters that aren’t in a clear pattern. Algorithms know how to look for common patterns like camelCase or PascalCase. Runn1NG26.2R0cK$!
Now, you have a 17-character password that challenges hackers and that’s still something you can remember.
Or, have a password manager handle the strong, unique passwords for you.
Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.
A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.
Log in now and secure your LinkedIn account.
This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.
Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.