LinkedIn Hacked, More Than 100 Million Members Compromised

It’s been nearly four years since LinkedIn, the popular social network, was hacked, and now it seems the personal data of over a million members could be compromised as more of the stolen data is leaked. “We became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” LinkedIn said in a statement Wednesday, adding that they had no evidence indicating a new security breach.

They immediately began invalidating passwords of accounts that had been around prior to 2012 and had not been updated since. LinkedIn gave their assurance that account holders would be notified should they need to reset their passwords. “Regularly changing your password is always a good idea and you don’t have to wait for the notification,” LinkedIn said on the company blog.

According to Siliconbeat, the 2012 attack resulted in the passwords of members appearing in a list of 6.5 million passwords posted by Russian hackers. CNN reported that the cryptography used by LinkedIn at the time was outdated. As a result of the breach, LinkedIn enforced a compulsory reset for all the accounts it believed to be affected and advised all subscribers to change their passwords. Thinking that was the end of it, the method used and total number of hacked accounts was not published.

As most internet users are aware, no information is entirely safe on the internet, and according to reports, over 117 million email addresses and passwords of LinkedIn users are now being offered, for a price, on the deep web, says Bitcon News Service. A hacker group named “Peace” is allegedly responsible for the theft and is selling the data at a price of five bitcoins on a site called “The Real Deal” on the deep web.

LinkedIn is “an extremely attractive target for hackers,” said Dave Kennerley, senior threat researcher at cybersecurity firm Webroot. “It’s no secret that LinkedIn is a rich pool of data.”

The firm, which claims 400 million members in 200 countries, said it has “demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply.” In the meantime, LinkedIn will use “automated tools” to try to identify and counteract any suspicious activity on affected accounts.

Kennerly emphasized that people cannot depend on organizations to keep their data safe and should take “as many steps as possible to secure it themselves, in this case, ensuring that the password used for LinkedIn is different (from) other accounts is crucial – this will limit the potential impact on other accounts, including email, which can lead to other, more sensitive, information being stolen.”

Millions of users are affected by hackers on any number of platforms, as was demonstrated when users of an online dating and networking site had their accounts violated and information stolen by hackers, who then used their ill-gotten gains to blackmail the victims, demanding ransom in bitcoin.

The most effective way of keeping your online identity secure is to use complex passwords, including digits and symbols as opposed to simple, easily predictable ones, and change them regularly.

[photo via scyther5/Shutterstock.com]