Old LinkedIn data breach resurfaces with 167 million accounts at risk
LinkedIn users may need to start changing passwords, as around 167 million accounts have been put up for sale online, including 117 million passwords. The seller is asking for over $2,o00 for the stolen data
The data comes from 2012, when the networking site was hacked. However, as Ars Technica notes, this reveals that the breach was far larger than initially believed; initial estimates of the 2012 breach suggested that around 6.5 million credentials were stolen, which is still a very significant amount, but this is larger by far.
A hacker by the nickname of “Peace” is offering the stolen data on the Dark Web marketplace “The Real Deal,” at a price of five Bitcoins, which comes to around $2,200. Should anyone purchase the data, it will give them access to the accounts and personal information of a multitude of users, not to mention the further damage that can be done with an oft-repeated password.
LinkedIn has begun contacting members, informing them of the breach and encouraging them to use strong passwords and two-step verification authentication, which can be set up directly on the website.
Strong password security is a must, both for users and LinkedIn. In fact, LeakedSource notes that the passwords were stored in SHA1, which is far below industry standards. CIO explains that best practices call for passwords stored in hashed form inside databases, while the passwords themselves should also be strong. Yet hundreds of thousands of LinkedIn users had “123456” as their passwords, which, as eloquently stated in the movie “Spaceballs,” is the kind of password “that an idiot has on his luggage.”
According to Christopher Budd, global threat communications manager at Trend Micro:
“This late revelation of the extent of a breach is a common thread between many of the major hacks we’ve seen in recent history. This also shows that immediate post-breach impact analysis can be difficult and inexact with additional users often affected outside of the primary scope. This underscores the importance of regular credit monitoring and extended identity protection as a personal and professional best practice.”
As the data is old, it is likely that many users have already changed their passwords by now, but there are still plenty who have not. Among those who have changed their passwords, there are those who still use the same password on other sites with the same email address. Anyone and everyone impacted by this breach should immediately change their passwords, both on LinkedIn and any other sites that use the same password, and set up two-step verification.
If you want to check if your account is at risk, you can check out haveibeenpwned. If you need some tips and hints for strong password security, check out SiliconANGLE’s top tips and tools for World Password Day.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU