Back in June of 2012, LinkedIn confirmed that they had been breached, and approximately 6.5 million user’s credentials had been compromised. Now, almost 4 years later that number has grown exponentially. Busy bee hacker “peace_of_mind”, or ‘Peace’ as they seemingly prefer to be referred to as, reported to Motherboard that they are in possession of 167 million LinkedIn database. Of those they have the credentials for 117 million accounts.
We’ve previously blogged about Peace, when they hacked Linux Mint, and sold user information on the dark web. They are at it again, selling LinkedIn user information for 5 Bitcoin, which amounts to about $2200 US. An operator at LeakedSource told Motherboard that they had been able to crack 90% of the passwords in 72hours. [i]
However, Tod Beardsley, Security Research Manager at Rapid 7 believes the passwords aren’t the real cause for concern for users, and that the real value is in the email addresses. “The most valuable data in the LinkedIn compromise may not be the passwords at all, but the enormous registry of email addresses connected to working professionals.” [ii]
LinkedIn’s CISO Cory Scott made a statement on the company’s website claiming that they “are taking immediate steps to invalidate the passwords of the accounts impacted, and [they] will contact those members to reset their passwords. [They] have no indication that this is as a result of a new security breach.”
If you are a LinkedIn member, we highly recommend taking a proactive step by going onto the website and updating your password immediately. If you are also in the habit of using the same password on multiple sites – stop that. Hackers realize that the majority of online users are creatures of habit and will maintain one or a slight variation of a password for more than one account. We know, that’s a lot to remember, but the odd struggle to remember which password goes with which account is a lot easier to manage than identity theft.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
[i&ii] To read more about the details provided to Motherboard read here: http://motherboard.vice.com/read/another-day-another-hack-117-million-linkedin-emails-and-password