Recently I was made aware, from a Lifelock alert, that my personal email account was somewhere on the black market. OK, I can see how that can happen when LinkedIn dropped the ball on security. It was attributed to the LinkedIn hack from a while back in 2012, and now the spoils of that hack resurfaced in May 2016.
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Compromised data: Email addresses, Passwords
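An added example (not from the original post or from LinkedIn's code) showing why the unsalted SHA-1 storage described above fails and what a salted, slow hash changes. The account data is constructed, and the PBKDF2 iteration count and the helper names are assumptions for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor for this example

# Constructed sample accounts (not real data); two users picked the same password.
ACCOUNTS = {
    "alice@example.com": "linkedin2012",
    "bob@example.com": "linkedin2012",
    "carol@example.com": "correct horse battery",
}

def sha1_unsalted(password):
    """The storage scheme named in the breach notice: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def shared_hash_groups(table):
    """Return groups of accounts whose stored value is identical.

    Any group here means one recovered password exposes every member."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

if __name__ == "__main__":
    legacy = {u: sha1_unsalted(p) for u, p in ACCOUNTS.items()}
    hardened = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    print("unsalted SHA-1, accounts sharing a hash:", shared_hash_groups(legacy))
    print("salted PBKDF2, accounts sharing a hash:", shared_hash_groups(hardened))
```
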
The website haveibeenpwned has recorded the hacks and is a great source to use. The reason why I point you to that site is a call to Lifelock that didn’t go the way I wanted it to go. First off, I wanted to know what site out there has my information that they were able to scour and find. Lifelock Operator: “I’m sorry sir, we don’t have that information in the alert. I can only see what you see. I do know that they scan 10,000 sites for this information.” Yes, OK, great, now please go get your supervisor. Supervisor: “Sir, yes, it’s true this happened and we urge that you change your password and maybe even your email account altogether.” OK, Ms. Supervisor, but where did you get that information from? I work in security and I work with ones and zeroes. Apparently, I can’t get away from the zeroes. If the site exists, you must have a record somewhere of where my email address and old password are located. All Ms. Supervisor could do was restate the obvious: that they didn’t have the information. How about your IT department, I said, can they help us out? Nothing.
So later on, trying to do something else, I hop over to the Netherlands and try to get some email, and wouldn’t you know, some Google Alerts say “hey, someone tried logging in with your account”. I’m like, yes, me. Shortly after, the next day, Lifelock gets the same thing and I get an alert sent to my cell. OK, this is how Lifelock works: working with Google, finding out when someone attempted to use my account. Not impressing me.
Lifelock is basically selling Cyber Insurance and is not providing the details of where they found my information. This post is to challenge you to think about what exactly we are getting from a service that I can’t get from news sources on the web about breaches. Where is the proof, Lifelock? That is my challenge to you. Don’t call me up and tell me something is out there…we all know that.
While you’re browsing the web, here is a nice article, recent too, about identity protection services not being what they’re cracked up to be: Why Identity-Theft Protection Isn’t All It’s Cracked Up To Be (Kaveh Waddell)
A better eyebrow raiser: Despite Promises, Lifelock Knows Public Data is A Risk. Guess I’m not the only one calling Lifelock out in the street.