
Lessons from LinkedIn DB Breach

We know that the social networking site LinkedIn was breached in June 2012 and that nearly 6 million user credentials were stolen. In May 2016 it was confirmed that 115+ million credentials had been stolen and were now available for sale. So it's time we revisit what went wrong and what we can learn from it.

  • First and foremost, there was at least one vulnerability in the web application, and the way it queried the DB was not well implemented. That means the adversary found a way to dump the data from its DB. [Application Development]

  • When the data was being extracted, there should have been some anomaly in the traffic. And when the data size is 100+ million users, some kind of SIEM should have raised a red flag (if properly implemented). [Defense in Depth / Incident Response]

  • Let's talk about the passwords. Okay, you store the passwords hashed (at least), but is that good enough? NO. The passwords must be hashed with a SALT (a long, random set of characters stored alongside each hash). This makes it very difficult for rainbow tables to find a match. [Password Controls & Management]
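As an added illustration (not code from the original post), this Python snippet shows the difference a per-user salt makes: with an unsalted hash, two users who chose the same password share one digest, so a single lookup-table hit cracks both, while a random salt plus an iterated KDF gives every row a unique digest. PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for the example; the sample users are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Unsalted hash: identical passwords always map to identical digests, so a
# table precomputed once (a rainbow/lookup table) matches every such row.
def unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Assumed work factor for the example; a salt alone does not slow guessing,
# so an iterated KDF is used to make each guess expensive as well.
ITERATIONS = 600_000

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh 128-bit random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)

def demo() -> dict:
    # Constructed sample users; alice and bob picked the same weak password.
    users = {"alice": "linkedin123", "bob": "linkedin123", "carol": "correct horse"}
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return {
        # True: one unsalted digest exposes both accounts at once
        "unsalted_collide": unsalted["alice"] == unsalted["bob"],
        # False: per-user salts make the stored digests differ
        "salted_collide": salted["alice"][1] == salted["bob"][1],
        "alice_verifies": verify_password("linkedin123", *salted["alice"]),
        "wrong_rejected": verify_password("Linkedin123", *salted["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```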

  • Now, one thing that surprised me is that LinkedIn was not aware of the size of the leak. I understand the adversary released a subset and LinkedIn confirmed it; but with a well-implemented Incident Response, the company should have known the size of the leak from logs etc. Either the firm intentionally kept it under wraps, or their Incident Management really s*cks.

  • This is for the users: your passwords were in the hands of adversaries, and I hope (in vain) you did not use the same password on other networks as well. That's never a good choice!

LinkedIn has issued a legal statement requesting users to change their passwords, but how many users will change the same password on other networks? Michael Aronowitz, Vice President of Saveology, said,

Every day hundreds of sites are hacked and personal information is obtained. Stealing login information from one account can easily be used to access other accounts, which can hold personal and financial information.

So, when a database gets breached, it gives the adversaries an idea of your password habits, and a breach of this size can result in the same users being compromised on other networks. Therefore, I request everyone to change the password on every portal where the LinkedIn password is re-used.