I have been reading about 6.5 m "LinkedIn" account usernames/passwords posted on some Russian website by hackers in the last day or two; I gave each story 1 minute of attention and moved on. I thought I am not impacted even if my account is hacked. At most, what will happen? I have not linked my bank account with it! A hacker will get to know my profile and my contacts, so what? There are other ways to get that anyway. Why would anyone be so interested in my profile? A hacker cannot sell it... he can probably play with it and make it worse, but I can still prove it to "LinkedIn" and get it corrected.
With somewhat more thinking, I realized it is not just about getting usernames and passwords; maybe the hackers want to prove something? To some extent I agree: they want to prove that they can hack it and declare to the world that they did it, which proves that social networks are not safe! But that did not convince me either, as these things have happened in the past and people still use them.
Next question: is there financial gain? I considered that to be the utmost motivation :). Well, not direct financial gain, as "LinkedIn" is not a financial organization, but there is definitely indirect gain.
What really stumped me, a day later, was what can be done with my hacked account (not only the LinkedIn one). I realized that there was an attempt to hack one of my personal e-mail accounts, which the service provider thinks was successful, and I was asked to reset my password after successful validation of my identity. WOW, this is an account I hardly use and I doubt anyone knows about it, yet they wanted to hack it, and they did it successfully.
Then came the "LinkedIn" account. When I logged in, it said I was required to reset my password via e-mail (not sure if this was hacked too), which is different from what is mentioned in one of the blogs here, i.e. "LinkedIn is working on a mechanism to reset the password but not by clicking links". I also checked the official blog of "LinkedIn", which said it is a precautionary measure. Ah, relieved! I carefully followed the steps to reset the password, i.e. made sure none of the links given in the e-mail pointed to a phishing site or a site other than "LinkedIn".
So far so good. I get an e-mail notification on my registered e-mail, good, but what followed is stunning: the same e-mail confirmation went to all my e-mail accounts (including the one that was hacked before). Where did LinkedIn get that information from? I never provided it. So Pandora's box is now opened! LinkedIn knows more about me than I told them; maybe the same is the case with other social network providers (luckily I am not on Facebook). Who knows?
Now I am nervous and utmost cautious. Is it only a matter of time before hackers can reach my bank account and do whatever they want? (An exaggeration, but possible.) So I changed all my passwords etc., but I will be wary about the safety of my web identity. It is not that we look at things in isolation any more; everything is linked, and a dent in any place can rock the entire system.
On the other side, it remains to be seen what implications this has for the enterprise world, especially when moving onto the cloud is the next logical step for most corporates, in case they are not doing it already. And of course I am hopeful that this will be the only instance.