May 27, 2016


LinkedIn Data Breach Causes Problems Years Later

A recent incident involving LinkedIn, the business-oriented social networking service, shows that data breaches can cause big problems for companies and consumers, even years after the breaches take place. On May 17, 2016, LinkedIn discovered that information stolen in a 2012 incident was being made available online, and notified site users the next day about what had happened and what the company was doing to fix it.

In 2012, an alleged 117 million email and password combinations were stolen by hackers. At the time, LinkedIn issued a mandatory password reset for any accounts they thought were compromised; all LinkedIn members were encouraged to change their passwords as well, just in case.

Fast forward to the present day, and the 2012 breach has come back to haunt LinkedIn. The stolen data popped up online, and in an e-mail to LinkedIn users sent on May 25, 2016, the company said the published information included email addresses, hashed passwords, and LinkedIn member IDs, an internal identifier LinkedIn assigns to each member profile. The company immediately invalidated the passwords of all LinkedIn accounts that were created prior to the 2012 breach and had not undergone a password reset since the breach.

LinkedIn’s attempts to protect users, however, are extending beyond resetting passwords this time. The company is also using automated tools to try to identify (and block) any suspicious activity on specific LinkedIn accounts. The proper authorities have been contacted and LinkedIn is working with law enforcement. The company has demanded that anyone making stolen password data available stop immediately or face potential legal action.

In their e-mail, the company also shared that they have improved security features since the 2012 breach, which will hopefully prevent another incident like this from happening in the future. As examples, they noted that they use salted hashes to store passwords and offer two-step verification for members who are interested in additional security. LinkedIn also encouraged members to use strong passwords and to change them regularly. If you don’t change your password often enough because you have trouble remembering new passwords, consider using a password manager, which can help you keep all of your passwords organized.

Image courtesy of Flickr user Mark Doliner.

Heidi Daitch

Director, Strategic Programs at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.