Weekly podcast: LinkedIn passwords, dodgy doorbells, and security blogger awards

Due to Neil being away this week, it was my turn to do the podcast. I strongly suggest that you read this week’s edition rather than listen to it.

In this week’s podcast, we look at a database of LinkedIn login credentials, a smart doorbell with some issues, and nominations for the EU Security Blogger Awards 2016.

Hello and welcome to the IT Governance podcast for Friday, 20th May. Neil is off this week, so you’ve got me for the next few minutes – apologies in advance. Here are this week’s stories.

LinkedIn, the successful business-focused social media network – also a popular ‘solve a maths question’ platform – has been in the news this week for a data breach that happened in 2012. Back then, 6.7 million email addresses and passwords were taken from LinkedIn and posted online. And now this week, a cyber criminal has put a database of 117 million email addresses and passwords up for sale.

One of the people behind LeakedSource.com, a search engine that’s got a copy of the data, spoke to Motherboard about the data and said “It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread […] to my knowledge the database was kept within a small group of Russians.”

The database is up for sale for 5 bitcoin, roughly $2,200.

An interesting side-note to this story is that LeakedSource.com has decrypted 90% of the passwords and found that the second most common password on LinkedIn was ‘LinkedIn’. Clever.

‘Ring’, a smart doorbell (yes, they exist), has been discovered to suffer from a flaw that’s enabled some users of its Ring Doorbell Pro service to view other users’ porches. The doorbell, equipped with motion sensors and a camera, sends a live video feed to the owner’s device when someone is either at their door or has rung the bell.

Useful indeed. However, Android Central began receiving reports this month from users who have had access to the live feeds of other people’s porches. Android Central reached out to Ring, who released a statement:

“Here’s what happened. We use random numbers to generate a call ID from Ring products. We did a very robust Beta test of the new Ring Video Doorbell Pro on experimental software, and when we moved it out of Beta for the commercial launch, some customers’ numbers were in two different databases. As a result, those call ID numbers were overwritten”.

In short, a database error. Ring believes that this error occurred fewer than ten times.

Finally, a slightly different topic. Voting is now open for the European Security Blogger Awards 2016. As expected, there are some fantastic people in the running for an award across several categories. A few that I’m a big fan of are IT Governance Publishing author Brian Honan, the excitable Graham Cluley, and regular guest author on our blog Stuart Winter-Tear.

I invite you to go and vote; you can find the link in our Twitter feed.

Well, that’s it for this week. Neil will be back next week. Until then, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.