TURN YOUR LEAKEDINACCOUNT BACK TO A             ONE
Meet Sam2    Sam’s an up-and-comer    who has active online    accounts with his bank,    credit issuers and social    net...
Sam’s got a password problem3    Sam’s LinkedIn password was    one of 6.5 million passwords    posted on a Russian hacker...
Sam’s not happy4    He reads on The Verge, a great source for tech news, that    LinkedIn stored passwords as “unsalted SH...
5   Sam is confused    What do passwords have to do with greasy diner food?    © 2003-2012 Identity Theft 911, LLC. All Ri...
Sam does his homework6    He learns that many websites—    including LinkedIn—encrypt    passwords in an effort to protect...
7             Sam learns why salt is good                                    To make password hashes more secure, a system...
8             LinkedIn didn’t add salt© 2003-2012 Identity Theft 911, LLC. All Rights Reserved   June 11, 2012
How the hackers get in9    Hackers armed with your hashed password and    username can:    1. Log in to your LinkedIn acco...
Hackers love Sam10     Then the real trouble begins.     Once they’re in your computer, hackers can gain access to     you...
11             Sam’s password is his identity               Sam’s email address is a key piece of his identity on         ...
12             Sam’s vulnerable               LinkedIn users are at greater risk for fraudbecause:               1.   They...
Sam swings into action13     He follows these seven tips:     1.   Change your password     2.   Create a strong password ...
Sam Smart        greeneggsandham@smail.com14   1. Change your password     Log in to your account. Go to settings and clic...
15             2. Create a strong password               It should be long. Think of a good               quote or song an...
16             3. Make it even stronger               Include numbers, upper- and lowercase letters, and symbols.         ...
17             4. Use unique passwords               Avoid using the same password twice.               If that old Linked...
5. Consider a password manager18     Sam is annoyed. How will he     remember his passwords?     He checks out password   ...
6. Alert others19     If your account is compromised, alert your contacts so they     don’t become victims. Notify LinkedI...
20               7. Beef up security             •   Sign out of website accounts after you use them.             •   Set ...
Sam is glad21     Now Sam uses strong, unique     passwords for different online     accounts.     He feels good knowing h...
22             Be proactive               If you suspect you’re a victim of               identity theft, call your bank, ...
Upcoming SlideShare
Loading in...5
×

Turn Your LeakedIn Account Back Into a LinkedIn One

1,162

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,162
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Turn Your LeakedIn Account Back Into a LinkedIn One"

  1. 1. TURN YOUR LEAKEDINACCOUNT BACK TO A ONE
  2. 2. Meet Sam2 Sam’s an up-and-comer who has active online accounts with his bank, credit issuers and social networking sites— including LinkedIn. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  3. 3. Sam’s got a password problem3 Sam’s LinkedIn password was one of 6.5 million passwords posted on a Russian hackers’ website. His password was iAmSam. He used this password for his primary email and many other accounts. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  4. 4. Sam’s not happy4 He reads on The Verge, a great source for tech news, that LinkedIn stored passwords as “unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but it is not foolproof if your password is simple and short. LinkedIn could have made the passwords more secure by ‘salting’ them.” Salt. Hash. Huh? © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  5. 5. 5 Sam is confused What do passwords have to do with greasy diner food? © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  6. 6. Sam does his homework6 He learns that many websites— including LinkedIn—encrypt passwords in an effort to protect them. The encrypted passwords are called hashes. The site stores the hashes on its servers instead of the passwords themselves. For example, a website could use an SHA-1 or Secure Hash Algorithm to convert iAmSam to c743bb2561f20745330122 dcc254abaf524e277d. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  7. 7. 7 Sam learns why salt is good To make password hashes more secure, a system adds salt (or random characters) to the beginning of the password. Then it converts the new, salted password into a hash. So the iAmSam password would be salted to look like RoUTiAmSam, then hashed into ebc5047362323f1e29c1cb3d457594b1ca4ea2bc.© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  8. 8. 8 LinkedIn didn’t add salt© 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  9. 9. How the hackers get in9 Hackers armed with your hashed password and username can: 1. Log in to your LinkedIn account 2. Lock you out 3. Spam your contacts When your contacts click on links in their spam email, they let the hackers in by downloading malware. This malicious software gives hackers access to their computers. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  10. 10. Hackers love Sam10 Then the real trouble begins. Once they’re in your computer, hackers can gain access to your personally identifiable information, such as a birth date, look up your mother’s maiden name and launch serious identity theft. The real problem: Like so many people, Sam uses one password for most of his online accounts. Hackers love Sam because he used his LinkedIn password on his primary email account, so now they can access his email. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  11. 11. 11 Sam’s password is his identity Sam’s email address is a key piece of his identity on the Internet. Often it is his username for an online account. Armed with his email address and password, hackers can enter his accounts, reset Sam’s passwords and gain control. To make matters worse, Sam saved copies of his printed identification—his passport and Social Security number—in his email account. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  12. 12. 12 Sam’s vulnerable LinkedIn users are at greater risk for fraudbecause: 1. They have higher incomes. 2. Their profiles are meant to be viewed by strangers. 3. They are often lax with their privacy settings. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  13. 13. Sam swings into action13 He follows these seven tips: 1. Change your password 2. Create a strong password 3. Make it even stronger 4. Use unique passwords 5. Consider a password solution 6. Alert others 7. Beef up security © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  14. 14. Sam Smart greeneggsandham@smail.com14 1. Change your password Log in to your account. Go to settings and click on “Password Change.” © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  15. 15. 15 2. Create a strong password It should be long. Think of a good quote or song and use the first letter in each word to make a long password. Sam uses a line from his favorite Dr. Seuss book. Quote: “You’re off to great places. Today is your day!” Password: yotgptiyd © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  16. 16. 16 3. Make it even stronger Include numbers, upper- and lowercase letters, and symbols. For example, “3Dogz$$!” is better than “1006.” Or substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”. Sam replaces the “o” with “0” and the “d” with “6.” Old password: yotgptiy6 New password: y0tgptiy6 © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  17. 17. 17 4. Use unique passwords Avoid using the same password twice. If that old LinkedIn password is used on other websites, go to those sites and change the password immediately. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  18. 18. 5. Consider a password manager18 Sam is annoyed. How will he remember his passwords? He checks out password managers like OneID, 1Password and KeePass. They make it easier for you to remember, manage and secure your passwords. Some are free. Others have monthly fees. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  19. 19. 6. Alert others19 If your account is compromised, alert your contacts so they don’t become victims. Notify LinkedIn to regain control of your account or freeze it. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  20. 20. 20 7. Beef up security • Sign out of website accounts after you use them. • Set your account information and privacy settings as tight as possible. • Keep your antivirus software up to date. • Don’t publically share personal information. • On social networks, only connect to people you know and trust. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  21. 21. Sam is glad21 Now Sam uses strong, unique passwords for different online accounts. He feels good knowing he’s doing everything he can to protect his identity. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012
  22. 22. 22 Be proactive If you suspect you’re a victim of identity theft, call your bank, credit union or insurer. They may offer identity theft protection. Or call Identity Theft 911 1-888-682-5911 Don’t be afraid to ask lots of questions. © 2003-2012 Identity Theft 911, LLC. All Rights Reserved June 11, 2012

×