‘One should avoid digging in the past’: this idiom doesn’t apply to hackers, as some of them mint millions just by peeping into the dump yards. One such incident occurred lately, when a hacker named ‘Peace’ tried to sell the account information of about 117 million users of LinkedIn Corp (NYSE:LNKD), although the users’ information was hacked way back in 2012.
Well, despite the fact that many of those records may be obsolete by now, it is indeed an alarming situation for LinkedIn, as the professional network didn’t bother to pay much attention to the development in 2012. Though the stolen accounts had encrypted passwords, around 6.5 million passwords were published online in 2012.
The hack was confirmed by some reliable sources, including LeakedSource. The data has been put up for sale by Peace, who priced it at 5 bitcoins ($2,200).
Motherboard received a sample containing account details of around 1 million LinkedIn users from LeakedSource. The accounts had passwords which were hashed with the SHA1 algorithm.
The legitimacy of the hacked credentials was confirmed by Troy Hunt, a security researcher who maintains the ‘Have I Been Pwned’ notification site. He contacted some of the victims of the hack and asked them about their LinkedIn account credentials, which happened to be similar to the credentials provided by Peace.
Some may question the value of the leaked LinkedIn user information, given that the data is almost 4 years old. However, considering that a majority of users don’t change their passwords for years, the data still remains quite valuable. In fact, most companies also don’t encourage users to change their passwords frequently, as mandatory password changes cost billions in productivity loss – for very little security payoff.
Hacking over the years
Hacking can be regarded as an art; hackers are able to find some vulnerability in the security of an organisation’s network, apps or software.
According to the latest Internet Security Threat Report by Symantec, zero-day vulnerabilities increased by a whopping 125% in 2015 compared to the previous year. In layman’s terms, a zero-day vulnerability occurred every single week in 2015. A whopping 429 million exposed identities were reported in 2015.
Even the most famous and secure websites have unpatched vulnerabilities, thus putting our account and other details at stake. Of all the most trustworthy websites, 75% had unpatched vulnerabilities in 2015. Technical support scams were also on the rise, as 100 million such scams were reportedly blocked by Symantec alone.
In another report by AT&T, the number of times hackers looked into the ‘Internet of Things’ in the past year for vulnerabilities increased 458% YoY. The healthcare industry remained the prime target of hackers.
Even WordPress sites were targeted by hackers in the past year; Cisco reports that the number rose by an elephantine 221% within a year.
But it is not just websites and platforms that are on the radar of hackers; smartphones are equally popular. The Android platform was hit by 8.19 billion malware attacks in 2015. However, to discourage hacking attempts, Google takes action by scanning a number of apps and devices at regular intervals.
According to Verizon, financial gain motivates hackers the most. About 89% of hacking attempts are motivated by dreams of pocketing millions overnight.
The Recent Past Incidents
The LinkedIn account hack is not the sole incident in the recent past. A while ago, 272.3 million email accounts, including accounts from well-known service providers like Gmail, Yahoo, Microsoft etc., were reportedly stolen and put up for sale. The most interesting fact about this hack was that the data was up for sale for a tiny $1 (50 rubles) by an alleged Russian hacker.
In another incident, hackers targeted the Indian Railways website IRCTC and stole the credentials of around 10 million customers, including their PAN card details, mobile numbers and email IDs. In March 2016, Al Qaeda also managed to sneak into another micro-website of Indian Railways and posted malicious messages related to Indian Muslims.
The less hyped personal hacking involves hacking into someone’s personal account; gathering some information about him/her serves as a wormhole for hackers.