2012 LinkedIn data breach exposes 100 million LinkedIn accounts

2016-05-27: LinkedIn reveals that the user data exposure from the 2012 data breach was bigger than expected

Last Wednesday LinkedIn made a surprise announcement that hit the online security community like a bomb. If you thought it couldn't get worse after the 2012 LinkedIn hack, which exposed approximately 6.5 million users, think again: the crew responsible for the initial attack had a hidden card up their sleeve.

Last Wednesday LinkedIn surprisingly announced that the same data breach affected another 117 million email and password combinations, not the 6.5 million reported in the past. On Wednesday they were posted for sale on the dark web, but if one considers the time between the hack and the sale, a lot of assumptions can be made:

If we take into account that the majority of web users reuse the same password and username for most websites (my guesstimate: probably 80 to 90%), consider this:

  • The time between the hack and publication left an enormous gap for the hackers to data-mine the information.
  • The fact that they release it now makes me assume they got the most important account data and know what to do with it, or already did.
  • How can a company like LinkedIn first (boldly) admit they had been hacked and advise you to change your password, with no mention of other sites where you use the same password?
  • How is it possible that, since the initial breach, nobody noticed that so many more accounts were affected, and that a staggering 167 million username and password combinations were on the black market for anybody to abuse? If we look at the timeline (2 years!) and the severity of the initial attack, how did this go unnoticed?

If we now take the above facts into account, what are we looking at?

In the two years that went by, LinkedIn users who reuse passwords will have been the subject of a number of cyber attacks, depending on their social status and profile. This can range from ransomware attacks, with the associated cost, for home users to network intrusions and industrial espionage in any company that hasn't deployed at least two-factor authentication.

So what does this mean to you?

If you had a pre-2012 LinkedIn account, your login information is publicly available for anyone to download. The vast majority of users hate changing passwords, so when not forced they will keep them the same. Regardless of the website, if you use the same username and password on other sites, you must change the passwords for all of those websites and for LinkedIn (if you are still using that old password). The hack was done in 2012, so the usernames and passwords are from that period; LinkedIn does not require you to change them periodically, so few people do.

Moral of the story and my advice to you

If the above applies to you, have a look at a secure password manager (I use LastPass). This type of software keeps your passwords locally encrypted and cached (unlike your browser) and doesn't keep your data on its servers. Allow me a shameless plug:

BETTER PASSWORDS, BETTER SECURITY.

LastPass has the tools to help you follow best security practices, with a unique, strong password for every account.

Generate Random Passwords

The built-in password generator will create long, randomized passwords that protect you from being hacked.

New Account, New Password

Don’t waste time creating a new password when registering on a website. LastPass does it for you and remembers it for later.

Audit Your Passwords

Use the LastPass Security Challenge to find weak, duplicate, old, and vulnerable passwords that are lurking in your vault.

Auto-Change Passwords

Hate changing passwords? LastPass can do it for you, in one click! Stronger passwords, without the hassle.


In addition to that, it fills forms once it has captured your information, so you don't have to fill out registration pages every time you want to download software or register for an event. The whole thing is encrypted with AES-256, using PBKDF2-SHA-256 and salted hashes, to ensure complete security in the cloud, and the locally cached database is also encrypted. Basically, this means nobody but you knows the passwords.
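To make the key derivation concrete, here is an added Python example (not LastPass's code and not from the original post) of the salted PBKDF2-HMAC-SHA256 step: the master password is stretched into a 256-bit key of the size AES-256 needs, and only a verifier derived from that key would ever be stored. The iteration count, salt and verifier layout are assumptions for this demo, not the product's settings.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed iteration count for this demo, not a product setting
KEY_LEN = 32          # 32 bytes = 256 bits, the key size AES-256 needs


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit vault key with PBKDF2-HMAC-SHA256.

    The salt makes the same password produce a different key in every vault, so a
    precomputed table built against one salt is useless against another; the
    iteration count makes each guess of the master password deliberately slow.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def make_verifier(vault_key: bytes) -> bytes:
    """The only thing a store needs to keep: a hash of the key, never the password or key."""
    return hashlib.sha256(vault_key).digest()


def check_master_password(candidate: str, salt: bytes, iterations: int, stored_verifier: bytes) -> bool:
    """Re-derive the key from a typed password and compare in constant time."""
    key = derive_vault_key(candidate, salt, iterations)
    return hmac.compare_digest(make_verifier(key), stored_verifier)


def new_vault_record(master_password: str, iterations: int = ITERATIONS) -> dict:
    """Create what a fresh vault would persist: a random salt, the cost, and the verifier."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": make_verifier(key)}


if __name__ == "__main__":
    record = new_vault_record("correct horse battery staple", iterations=10_000)
    print("unlock with right password:", check_master_password(
        "correct horse battery staple", record["salt"], record["iterations"], record["verifier"]))
    print("unlock with wrong password:", check_master_password(
        "password123", record["salt"], record["iterations"], record["verifier"]))
```

Note that the stored record never contains the master password or the derived key, which is what "nobody but you knows the passwords" rests on.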

It integrates with all browsers, so there is no more guessing what that username and password were for the website you registered on 6 months ago, and the coolest feature I find is the automated password generator and renewer. For every website it creates a complex password that is stored in the vault and replicated to all your devices.

Bold conclusion but necessary

Protection is your responsibility

As the world wide web grows, cybercrime is peaking

The times have changed and the hackers have evolved with them; companies and financial institutions have implemented expensive 3-factor authentication mechanisms, but you, the home user, were left behind.

My recommendation is to research a product like LastPass, give it a try and arm yourself against the latest forms of malware and viruses, like ransomware and phishing. The bad guys move fast, this is not 1999 anymore, and as an end user I advise you to be vigilant and alert. I have seen attacks become more sophisticated and more widespread. A small investment can save you a lot of money.

My settings

  1. Unique random password for every site, auto-generated
  2. At least 12 characters: letters, numbers and symbols
  3. 12-character master password, changed every month
  4. Firewall with real-time monitoring (Comodo, for example)
  5. Browser plugins preventing cookies AND cross-site scripting
  6. Antivirus and rootkit detection software
  7. Onsite and offsite backup
  8. Different passwords for each site!
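The "audit your passwords" feature quoted above and rules 1, 2 and 8 of these settings boil down to three checks over a vault. As an added illustration (my own Python, not LastPass's code), the audit below runs them over a constructed sample vault: duplicate passwords across sites, passwords shorter than 12 characters or missing letters, numbers or symbols, and passwords not changed within an assumed 365-day window (the post gives no age threshold for site passwords).

```python
import string
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

MIN_LENGTH = 12      # rule 2 of the settings list
MAX_AGE_DAYS = 365   # assumed threshold for "old"; the post names none for site passwords


@dataclass
class VaultEntry:
    site: str
    username: str
    password: str
    last_changed: date


def is_weak(password: str) -> bool:
    """Rule 2: at least 12 characters with letters, numbers and symbols."""
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    return len(password) < MIN_LENGTH or not (has_letter and has_digit and has_symbol)


def audit_vault(entries: list[VaultEntry], today: date) -> dict[str, list]:
    """Return sites grouped by finding: 'weak', 'old' and 'duplicate' (reused across sites)."""
    findings: dict[str, list] = defaultdict(list)
    sites_by_password: dict[str, list[str]] = defaultdict(list)
    for entry in entries:
        sites_by_password[entry.password].append(entry.site)
        if is_weak(entry.password):
            findings["weak"].append(entry.site)
        if (today - entry.last_changed).days > MAX_AGE_DAYS:
            findings["old"].append(entry.site)
    # Rule 8: the same password on two sites means one breach unlocks both.
    for sites in sites_by_password.values():
        if len(sites) > 1:
            findings["duplicate"].append(sorted(sites))
    return dict(findings)


# Constructed sample vault: a 2011-era LinkedIn password reused on webmail.
SAMPLE_VAULT = [
    VaultEntry("linkedin.com", "alice", "summer2011", date(2011, 6, 1)),
    VaultEntry("webmail.example", "alice", "summer2011", date(2012, 3, 15)),
    VaultEntry("bank.example", "alice", "P@ssw0rd-2016!", date(2016, 5, 1)),
    VaultEntry("forum.example", "alice", "correcthorsebatterystaple", date(2015, 1, 10)),
]


def run_audit(today: date = date(2016, 5, 27)) -> dict[str, list]:
    return audit_vault(SAMPLE_VAULT, today)
```

Run against the sample vault, the LinkedIn entry shows up in all three lists, which is exactly the situation the post describes: an old, short password that also opens another account.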

You only realize how important that login or data was to you until you either lose it or somebody asks you for ransom for it. Don't be that guy! Here's a link to LastPass; it has a free and a paid version, and it makes your online life so much easier and more secure. Better than being on a public hacked-account list!

https://lastpass.com/features/
