The sign up page of Linkedin.com is seen in Singapore in this file photo taken May 20, 2011. Social networking site LinkedIn and online dating service eHarmony warned that some user passwords had been breached after security experts discovered scrambled files with passwords for millions of online accounts.

DAVID LOH/REUTERS

Security breaches at LinkedIn and eHarmony have highlighted an escalation in attacks on social networks from hackers seeking to exploit personal data, according to security firms.

The professional networking and dating sites have both confirmed that "some" of their users' passwords have been stolen. They have not disclosed how many but security experts said hackers have posted a total of 8 million encrypted passwords online, the bulk of which came from LinkedIn.

LastFM, a U.K.-based social network focused on music owned by CBS, on Thursday also admitted some of its users' passwords had been stolen. Like LinkedIn and eHarmony, it advised users to change passwords.

Experts called the LinkedIn hack "one of the largest we've seen," and a sign that cybercriminals are showing an increasing preference for targeting social networks, including Facebook, Twitter and Pinterest.

"Now they've switched over to social networks," said Graham Cluley, senior technology consultant at Sophos, a security research firm. "The anti-spam features on these sites are nowhere near as mature as places like Hotmail and Gmail."

In April, social networks replaced financial organisations as the top target of phishing attacks, according to data from Kaspersky Lab. Phishing campaigns are spoof e-mails or spoof social networking messages that impersonate a business like LinkedIn in order to trick people into handing over their e-mail address, password or other personal information.

Kaspersky Lab estimates social networks accounted for 28.8 per cent of phishing attacks in April, a 6 per cent increase from March, due mainly to a surge of attacks on Facebook users.

The cause of this week's hacks is still unknown. LinkedIn has since added enhanced security features to its encryption process, a move Mr. Cluley said they "should have been doing earlier."

Mr. Cluley also said the openness of social networks to external programmers who develop applications left them more vulnerable to hackers. In addition, the personal nature of social networks makes it easier for criminals to impersonate someone, using their name and photo to contact their friends and work colleagues.

"If I get a message from someone who is a LinkedIn contact of mine, I'm much more likely to respond," said David Emm, senior security researcher at Kaspersky Lab. "They're using it as a layer of trust to spread their malware."

Cybercrime on social networks is turning into its own industry, said Jim Walter, manager for McAfee Threat Intelligence Service, as criminals hire underlings to generate more traffic and even ad revenue from these sites through automated botnets, which are collections of compromised computers.

"There's a whole underground economy around LinkedIn bots, Pinterest bots, Facebook bots, you name it," he said.
