Entries in Internet Security (4)


LinkedIn Hacked: 6.4 Million Passwords Reportedly Stolen

UPDATE: LinkedIn said a number of its users' accounts were compromised in a security breach, posting on the site's blog Wednesday, "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts."


(NEW YORK) -- The social networking website LinkedIn is investigating claims that more than 6 million passwords were stolen and uploaded to a Russian-language web forum Wednesday.

Reports of the hacking first appeared on Russian-language websites and were confirmed by security firms, which reported that a user in a Russian-language forum posted the passwords Wednesday.

A Twitter account run by LinkedIn announced Wednesday morning that the company "continues to investigate" but was still unable to confirm whether any security breach occurred.

Graham Cluley, a security expert working at the British firm Sophos, said in a blog post that although the passwords are not correlated to user names, "it is reasonable to assume that such information may be in the hands of the criminals." Cluley said that the security firm had confirmed that the file uploaded to the Russian forum did contain the LinkedIn passwords, despite the company's hesitation to confirm it.

Users who fear that their passwords may have been stolen can change their passwords on the website by clicking on their names in the upper right corner of the website's homepage, and then clicking on Settings and choosing the "Change" link next to password.

Cluley also recommended changing passwords at other sites where users may have used the same password.

Copyright 2012 ABC News Radio


Senate Considers Privacy 'Bill of Rights' to Protect Consumers

(WASHINGTON) -- U.S. consumer privacy laws are, to put it bluntly, a mess.  We have sectoral laws that provide different protections for financial information, cable and phone subscriber records, health privacy and yes, video rentals.

But we are the only country in the Organisation for Economic Co-operation and Development except for Turkey that fails to provide baseline protections for consumer data that is collected online and offline.

Every day, our personal data are scattered across the Internet and beyond to advertisers, social network sites, data brokers, direct marketers and the myriad of companies we do business with.  And our privacy laws simply haven't moved in step with our capacity to collect, process and share personal information.

The Federal Trade Commission has pushed about as far as it can with its limited power to go after bad guys for unfair or deceptive practices, but that case-by-case focus on instances where companies deceive consumers is just not enough.  Companies simply hide behind ponderous and undecipherable privacy policies that do nothing to protect privacy, written by lawyers who are looking out for their companies -- not you.

But we might make progress yet.  A recently introduced bill from Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) would create for the first time a commercial privacy "Bill of Rights."  It is the first comprehensive privacy bill in the Senate in more than a decade.

The bill would require basic Fair Information Practice Principles for all companies that collect personal data both online and offline.  In practice, this means you get clearer, more timely and understandable notice when your information is collected.

Companies will have to tell you exactly what they are planning to do with your information, collect only what they need to accomplish that purpose and only hold on to your data as long as they need it for the stated purpose.  You will be able to opt out of third party advertising and that opt-out needs to be global and persistent over time.

Security rules will be strengthened, as will your right to access the information that a company holds about you.  If it's wrong, you can fix it.  Both the FTC and State Attorneys General would have power to enforce the new law and impose significant civil penalties for violations, up to $6 million in civil fines.

The bill also has a requirement that companies engage in "Privacy by Design," which means they have to have internal processes in place to consider how to protect privacy as a product or service is first developed.

Finally, in order to make sure that these high level obligations can be tailored to different industries, the bill encourages companies to collaborate with consumer groups and others to develop industry-specific codes that incorporate and build upon the law's requirements.  It is then up to the FTC to review those codes and approve the ones that pass muster.

Copyright 2011 ABC News Radio


Online Identity Theft Prompts Security Guidelines From White House

(WASHINGTON) -- As a way to combat online identity theft in the age of digital shoplifting, the White House has developed a plan dubbed the National Strategy for Trusted Identities in Cyberspace, or NSTIC.

"Today, we take another major step; this one to ensure that the Internet's security features keep up with the many different types of online transactions people now engage in," Commerce Secretary Gary Locke said at the unveiling last week.

For the typical consumer, the plan means a partial consolidation of Internet logins, a kind of "Facebook Connect" for online shopping, with the government's stamp of approval.  Another part of the plan lays the groundwork for hand-held authentication devices.

People in the near future could verify their online identity through a cell phone or keychain.

"Today, we have lots and lots of usernames and passwords and, generally speaking, people have pretty bad habits," Aaron Brauer-Rieke, a fellow at the Center for Democracy and Technology, said.  "They don't use good passwords.  They use repeat passwords for the same username across the Internet."

Of course, too few passwords can also present a problem.

"On the flip side of the scale, if you have one username and password, that's also a bad security situation," Brauer-Rieke said.

So policy makers will aim for a balanced approach, emphasizing the need for multiple login providers as a way to combat identity theft.  Improved security could encourage consumers and financial services companies to adopt mobile payments through smartphones.

Proponents of the system emphasize that the program would be voluntary.  Industry and government want to avoid the appearance of a mandatory national online identity program.

Copyright 2011 ABC News Radio


Hackers Penetrate Nasdaq Computer Network

(NEW YORK) -- The computer network of the company that runs the Nasdaq Stock Market has reportedly been attacked by hackers numerous times over the past year.

According to a report by the Wall Street Journal, officials say that while they haven’t been able to determine specific areas that have been hacked, they are certain that the part of the network that executes trades was not penetrated. The hack attacks raise concern about the possibility of confidential information being exposed, and investigators are working to figure out exactly who the hackers are. Officials say the hackers appear to have just been looking around, and there hasn’t been any indication of tampering with information, according to the Wall Street Journal report.

Government officials are concerned because Nasdaq is viewed on par with power companies and air traffic control operations, in terms of national importance. Now that unauthorized eyes have peered at the exchange, there is the threat that high-security government information could possibly be accessed.

Possible motives behind the hack attacks are financial gain and theft of trade secrets, among other things, but since the intruders have only been browsing, one can only speculate about motive.

While authorities have yet to identify the perpetrators, some say there is evidence that the hackers may be from Russia.

Information technology experts are trying to stay ahead of the hackers by attempting to secure possible weak spots in the company’s network, but there is no guarantee that the network is hack-proof, since hackers tend to be innovative in their attempts to penetrate networks. Both the Secret Service and the Federal Bureau of Investigation are conducting investigations into the matter, according to the Wall Street Journal report.

Copyright 2011 ABC News Radio
