LinkedIn, Yahoo Feel Consequences of Data Breaches
CREDIT: 3d brained/Shutterstock.com
Like a bitter aftertaste, the effect of a data breach takes time to be noticed, whether it's through identity theft, lawsuits or corporate expenses.
Yahoo! is being sued for an unspecified amount by a New Hampshire man who says the company's poor data security caused his information to be compromised in a data breach last month that exposed 450,000 usernames and passwords.
Meanwhile, the chief financial officer of LinkedIn told investors during a conference call yesterday (Aug. 2) that his own company's data breach, which exposed 6.4 million poorly encrypted user passwords in early June, would cost the business-networking site between $500,000 and $1 million.
According to Bloomberg News, Jeff Allan wants a court order forcing Yahoo! to adequately compensate him and any other person affected by the Yahoo breach. The court was filed in the U.S. District Court for the Northern District of California on Tuesday (July 31).
On July 12, a little-known hacking group called "D33ds Company" posted the stolen Yahoo! data, which was a legacy file containing user login credentials from Associated Content, a so-called "content farm" that Yahoo! bought in 2010 and turned into a user-generated content site called Yahoo! Voices.
Unfortunately for Yahoo!, the Associated Content user data was never encrypted, which meant that user names, email addresses and passwords were online in "plaintext" for all to see.
Allan committed a common security no-no — he used the same login credentials for more than one site. In the court filing, Allan said that soon after the Yahoo! breach, he got a warning from eBay telling him his account there was being tampered with.
It wasn't clear whether such security sloppiness on Allan's part would weaken his case.
LinkedIn, unlike Associated Content, did encrypt its user login passwords, but not very well. It used the plain-vanilla version of a common encryption algorithm well known to both hackers and security professionals, and within days of the breach most of the 6.4 million passwords had been "cracked."
Yesterday, LinkedIn CFO Steve Sordello said that up to $1 million had been spent on tracking down who the data thieves were and how they got in, according to SC Magazine. Sordello said the company would spend $2 million to $3 million more in beefing up its security.
"Since [the breach], we have redoubled our efforts to ensure the safety of our member account on LinkedIn by further improving password-strengthening measures and enhancing the security of our infrastructure and data," Sordello reportedly said.
LinkedIn, which says it has 175 million members, most of whom entrust the site with vital personal and professional information, was criticized by security professionals after June's data breach for not having had a chief security officer.
If you'd like to check whether your own login credentials have been compromised, go to ShouldIChangeMyPassword.com, which aggregates all the recent data breaches and allows you to check your email address against its list.
In order to avoid becoming a victim of a data breach, choose strong, hard-to-guess passwords and never reuse any that are used to log into Webmail, social –networking, retail or financial sites.
This story was provided by SecurityNewsDaily, a sister site to BusinessNewsDaily.