The LinkedIn hack: what the experts think

Reaction to the LinkedIn hacking

Carl Leonard, senior security research manager EMEA, Websense

The compromise of a LinkedIn account has three important ramifications. First, the key concern is the bad actors taking advantage of trust. If you are 'linked' to a trusted colleague you are more likely to click on a malicious link sent from them, which may open the door to targeted attacks and confidential data theft.

Second, because many LinkedIn accounts are tied to other social media services, such as Facebook or Twitter, posts with malicious links can also be propagated to a larger audience.

And lastly, many of us are creatures of habit and have the same password for multiple accounts. The consequences of a breached password could be extrapolated across email, social media, banking accounts, and mobile phone data.

Orlando Scott-Cowley, Mimecast

While a data leak of this kind would be very worrying for individuals, a security issue with LinkedIn could also be very potentially damaging for businesses. With many users seeing the site as an extension of their business communications, rather than as a personal tool, employers need to be aware of the possible threat to corporate data that a LinkedIn breach could represent.

Now is a great time to educate your users on the benefits of password complexity and good password policies.

David Emm, senior security researcher at Kaspersky Lab

While LinkedIn says that they are notifying anyone with a compromised password that they need to change their password, we would recommend that anyone with a LinkedIn account takes the precaution of changing their password immediately.

Unfortunately, many people use the same password for multiple online accounts. This practice brings with it the risk that a compromise of one account puts all accounts at risk. We would urge everyone to use a unique, complex password for all online accounts, i.e. one that is at least eight characters and mixes letters, numbers and symbols.

John Yeo, Director at Trustwave SpiderLabs EMEA

It is important for all users of the social network to immediately change their password, not just on LinkedIn, but any other social network where the same password has been used. Perhaps more importantly however, users should also change any passwords to their corporate networks where they have used the same password.

Recent research conducted by Trustwave SpiderLabs found that in over 2.5 million passwords (in use within the workplace) that were analysed, variations on the word "password" made up more than 5% of passwords, and the most common password used by global businesses is "Password1" because it satisfies the default Microsoft Active Directory complexity setting. In approximately 15% of physical security tests, written passwords were found on and around workstations.
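An added example, not from the article or from Trustwave: a simplified model of the two complexity rules mentioned above, showing that "Password1" passes a three-of-four-character-classes check and "Password1!" passes the eight-characters-with-symbols rule, while a base-word denylist rejects both. The thresholds, the denylist and the sample passwords are assumptions constructed for the illustration.

```python
import re

# Simplified model of an Active Directory style complexity rule (assumption:
# three of four character classes plus a minimum length; the account-name
# check and the Unicode category are left out).
def ad_style_complex(pw, min_len=7):
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    hits = sum(1 for c in classes if re.search(c, pw))
    return len(pw) >= min_len and hits >= 3

# The rule quoted above: at least eight characters, mixing letters,
# numbers and symbols.
def eight_mixed(pw):
    needed = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in needed)

# Constructed denylist of base words; a production list would be far longer.
BASE_WORDS = {"password", "linkedin", "welcome", "letmein"}

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                      "3": "e", "1": "i", "!": "i", "7": "t"})

def is_common_variant(pw):
    """True if the password is a denylisted word with decoration added."""
    # Lower-case, then drop leading and trailing digits and symbols.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    # Undo substitutions inside the word and compare with the denylist.
    return core.translate(LEET) in BASE_WORDS

def acceptable(pw):
    """Complexity rule plus denylist: both must pass."""
    return eight_mixed(pw) and not is_common_variant(pw)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Password1", "Password1!", "P@ssw0rd2012", "T7#kq9!vLm2$xR"):
        print(f"{pw:16} ad_style={ad_style_complex(pw)!s:5} "
              f"eight_mixed={eight_mixed(pw)!s:5} "
              f"variant={is_common_variant(pw)!s:5} ok={acceptable(pw)}")
```
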

And finally… Vicente Silveira, LinkedIn

We want to provide you with an update on this morning's reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously.

LinkedIn hacked. Photograph, Getty Images.

Steve Evans is the deputy web editor of Computer Business Review.
