LinkedIn Data Breach May 2016

What happened?

Account information of 117 million LinkedIn users has surfaced on the online black market. The hacker responsible is seeking 5 bitcoins ($2,200 USD) for the database of users’ email addresses and encrypted passwords.

An additional 50 million LinkedIn email addresses, without passwords, are also for sale.

The information was apparently stolen during the 2012 LinkedIn data breach. Following the breach, 6.5 million encrypted passwords were posted online. Within weeks, 200,000 of the encrypted passwords were successfully decoded.

LinkedIn never specified the full extent of that breach. However, LinkedIn now acknowledges this as a credible threat and is re-investigating the matter.

“It appears that more [accounts] had been taken then, and just posted now,” spokesman Hani Durzy said in a statement to Bloomberg. “We are still determining how many of these are still active and accurate, since the data would be about four years old now.”

It is important to note that although the passwords are older and encrypted, that does not mean they are secure.

LeakedSource, a search tool designed for breached information, analyzed a one-million-member sample of the exposed data. Within 72 hours of receiving the encrypted passwords, they were able to decode 90 percent of them.

Additionally, because no mass password-reset was mandated following the 2012 data breach, many users may still be at risk — especially if they have never changed their password.

What should you do?

LinkedIn members are urged to take the following actions to protect their accounts and professional networks.

  1. Change your password
    Passwords should be at least eight characters in length and include a complex mix of letters, numbers and symbols. Change your password frequently and never use the same password across multiple accounts.
  2. Watch for phishing emails
    Targeted phishing attacks are also expected to follow the LinkedIn data breach due to the exposure of email addresses. Never provide account information via email, and be hesitant to click on links in emails, especially if the email appears to be from LinkedIn.
  3. Be wary of what friends post
    With approximately 430 million LinkedIn users, this breach has the potential to impact nearly 30 percent of LinkedIn members. It’s likely someone impacted could be one of your connections. Be cautious of friends sharing suspicious links or requesting money or personal information — their account could be compromised and, thus, being used by someone who purchased their information on the dark web.
  4. Enable two-step verification
    Two-step verification requires your username, password and a code sent directly to your mobile phone to access your account. This provides an additional layer of security while helping alert you if anyone attempts to take over your account.

For more information on adjusting your privacy settings, please visit our LinkedIn Privacy Settings Tutorial.