May 30, 2016 - Posted in Security
A few years ago, LinkedIn was hacked and what was originally thought to be 6.5 million passwords compromised, turned out to be almost 117 million passwords.
LinkedIn acknowledged the breach and that login credentials are being sold on the black market by hackers. Linkedin released a statement saying, “On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.”
The moral of the story? Secure your passwords!
The best practice is to make your passwords 12+ characters, including numbers and symbols, and change the password regularly.
Now, we know that changing your password isn’t something that many people regularly do, so the next best thing is to make it as secure as possible.
We recommend using a service such as Lastpass to automatically generate a unique, secure password for every site, which will go a long way to preventing unauthorized access to your accounts. The great thing about Lastpass is that everything is stored in their secure system, and passwords are automatically filled for everything you need once you sign in once your computer boots up, which saves a ton of time and makes it so that you no longer need to remember a bunch of different passwords. The basic version is free, so why not give it a try?
So what can you do if despite all precautionary measures your service (or WordPress) has been hacked?
You should change ALL your passwords immediately (WordPress login, FTP, hosting account, etc.), as you don’t know which passwords, if any, have been compromised. Better to be safe than sorry! Also, adding two-factor authentication enhances the security of your account (if available, such as on Facebook, GMail, Dropbox, many banking systems, etc.).
If your website has been compromised, there is a good chance that there is some unwanted software that has been installed, which makes it easy for hackers/bots to get into your site DESPITE changing the password on your end. For that you’ll most likely need our assistance, as we need to comb through your files to find out which have been infected (a process that usually takes between one and four hours, depending on the severity of the attack).