If you have an account on LinkedIn, you may recall that they suffered a data breach back in 2012. At the time, they force-reset the passwords of all users believed to be impacted. Unfortunately, it now appears that the breach was much worse than was initially thought.
The technology site Motherboard has been in contact with a hacker who is selling the 2012 LinkedIn data on the Dark Web. The database he’s selling contains more than 167 million entries and includes email addresses as well as LinkedIn passwords. To put that into some perspective, LinkedIn has some 400 million users in all, so this breach actually appears to have impacted more than a quarter of the company’s total user base.
The news sent LinkedIn into crisis mode, and they’ve taken the step of invalidating passwords set, reset, or created before the breach. They’re also contacting all impacted users with instructions on how to reset their passwords.
Since the breach, LinkedIn has begun hashing and salting their password data to make it more difficult to crack, but that’s too little, too late for the data taken in this breach. Motherboard reports that the hacker in question was able to crack some 90 percent of the passwords the massive database contained within seventy-two hours.
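Why salting matters for a dump like this one, shown as an added example that is not part of the original article and is not LinkedIn's code: with a fast unsalted hash, every account that shares a password stores the same value, so recovering one recovers them all, while a per-user salt and a slow key-derivation function force separate work per account. The choice of SHA-1 for the weak case, the PBKDF2 iteration count, the sample accounts and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users share a password, as often happens.
SAMPLE_USERS = {
    "alice@example.com": "linkedin2012",
    "bob@example.com": "linkedin2012",
    "carol@example.com": "correct horse battery staple",
}
ITERATIONS = 200_000  # illustrative work factor, tune to your hardware


def unsalted_record(password):
    """Weak storage: one fast, unsalted digest per password."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password, salt=b""):
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], stored)


def distinct_digests(records):
    """Unique stored values, i.e. separate targets an attacker must work on."""
    return len(set(records))


def build_tables(users=SAMPLE_USERS):
    """Return the same user set stored both ways: (unsalted, salted)."""
    weak = {u: unsalted_record(p) for u, p in users.items()}
    strong = {u: salted_record(p) for u, p in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted distinct values:", distinct_digests(weak.values()))
    print("salted distinct values:  ",
          distinct_digests(d for _, d in strong.values()))
```
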
If you have a LinkedIn account, it’s better to be safe than sorry. Change your password now, and even better, enable the two-step password verification offered by the company as an added precaution. If you’re like many, if not most, people, you likely use the same password across multiple sites. The danger, then, is that armed with your LinkedIn password, a hacker could access your banking records, or any other account on which you’ve used that same password. It goes without saying that if you’re in the habit of using the same password across multiple sites, you should reconsider that immediately, and this latest news underscores precisely why.