Although hacked online services are par for the course these days, LinkedIn’s 2012 breach was actually far worse than initially thought. While it was reported at the time that a few million may have been affected, the latest number pegs the hack as having stolen the details of some 117 million users instead.
The reason that number is so concrete is that someone claiming to be responsible for the hack is looking to sell the information. It is currently up for sale on a dark net marketplace for five bitcoins (roughly £1,500).
LinkedIn’s response has been rather formal for a company dealing with a major breach. It says it has “demanded that parties cease making stolen password data available,” though the LA Times isn’t reporting how that message was sent, or how LinkedIn plans to identify anyone involved with the hack or sale.
‘Be great at what you do’, but terrible at protecting user details.
It has at least begun invalidating any passwords that haven’t been changed since the 2012 hack, but it goes without saying that you should make sure you have changed yours manually if you haven’t altered it since before the hack. LinkedIn is also emailing potentially affected members and advertising the breach through banner ads on its site.
Also, whatever you set it to, make sure it’s unique and not something that a hack of another site or service could weaken.
Although the details stolen in the LinkedIn hack were not stored in plaintext, they were only protected with unsalted SHA-1 hashes. LeakedSource reports that it was able to crack the passwords within just a few hours of working on them.
Part of that, though, was down to how often people used the most basic of passwords. Almost a million users had “123456” as their password, and more than 170,000 used “linkedin”. These are not the sort of passwords that will keep your accounts safe.
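To show why unsalted SHA-1 plus common passwords falls so quickly, and what a site should store instead, here is an added example (not from the article or from LinkedIn). The wordlist and the “leaked” hashes are constructed; the hardened scheme shown is PBKDF2-HMAC-SHA256 with a random per-user salt, one reasonable choice rather than anything the article prescribes.

```python
import hashlib
import hmac
import os

# Constructed wordlist: the two passwords the article names plus a few
# other perennial favourites, as a cracking wordlist would hold them.
COMMON_PASSWORDS = ["123456", "linkedin", "password", "qwerty", "12345678"]


def sha1_unsalted(password: str) -> str:
    """The scheme the leaked data used: bare SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup(wordlist):
    """Hash the wordlist once; the same table matches every user's hash."""
    return {sha1_unsalted(p): p for p in wordlist}


def crack_unsalted(leaked_hashes, lookup):
    """Recover every password whose hash appears in the precomputed table."""
    return {h: lookup[h] for h in leaked_hashes if h in lookup}


def store_salted(password: str, iterations: int = 100_000):
    """Defender-side storage: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt; compare digests in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed "leaked" dump: three users, two of whom chose wordlist passwords.
    leaked = [sha1_unsalted("123456"), sha1_unsalted("linkedin"),
              sha1_unsalted("c0rrect-h0rse-b4ttery")]
    print(crack_unsalted(leaked, build_lookup(COMMON_PASSWORDS)))  # two of three fall at once

    # Same weak password for two users: different salts give different records,
    # so no table built in advance matches either one, and each guess costs a full KDF.
    a, b = store_salted("123456"), store_salted("123456")
    print(a[2] != b[2], verify_salted("123456", a), verify_salted("wrong", a))
```

Salting removes the shared precomputed table; the iteration count is what makes each remaining guess expensive, and a weak password is still weak once an attacker targets one salt.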
KitGuru Says: Seriously guys, here are the steps: use a password manager, and a long, complicated password with multiple capitals, numbers and special characters. Use unique passwords for every service, and preferably a unique email to a catch-all account too.