Credit Infocenter

4-Year-Old LinkedIn Data Breach Rears Its Ugly Head in 2016: What You Need to Know

May 26th, 2016 · Identity Theft

by Kristy Welsh

(Last Updated On: December 21, 2017)

If you’re on LinkedIn, you probably saw an email from LinkedIn Legal yesterday. The topic: Notice of Data Breach. Not a new one, but a hack dating back to 2012. Here’s what you need to know about the LinkedIn data breach, then and now.

When did the LinkedIn data breach happen?

The breach was first reported on June 6, 2012.

Why is it in the news now, nearly 4 years later?

According to an email that LinkedIn sent to users on May 25, 2016, the company learned on May 17, 2016, that data stolen back in 2012 was now being made available online.

Plus, there are many more affected accounts than previously reported. In 2012, we were told 6.5 million accounts were affected. Now we’re finding out it was actually 177 million of them.

What data was stolen?

The breached data includes:

  • Email addresses
  • Hashed passwords (i.e., scrambled rather than stored as plain text)
  • LinkedIn account ID numbers

Was LinkedIn’s security really that bad?

Evidently so. Even though they used ‘hashing’ to scramble passwords, they didn’t use ‘salting,’ which should have been considered a given. Salting is basically adding a random string of characters to a password before it gets hashed, which makes it harder for hackers to figure out.
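
To show what salting changes, here is an added example (not from the original article and not LinkedIn's code) that stores the same password for two constructed accounts, first with a bare hash and then with a per-user salt. SHA-1, PBKDF2 and the iteration count are assumptions chosen for illustration; the article does not name the algorithms involved.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample accounts (not real data): two users share one password.
ACCOUNTS = {"alice@example.com": "linkedin123", "bob@example.com": "linkedin123"}


def unsalted_hash(password: str) -> str:
    """Weak form: a bare, fast hash. Same password gives the same digest for everyone."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened form: random per-user salt plus a deliberately slow key derivation."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)


def shared_records(records: dict) -> int:
    """Count accounts whose stored value is identical to another account's."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)


def demo() -> dict:
    weak = {user: unsalted_hash(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_hash(pw) for user, pw in ACCOUNTS.items()}
    salt, stored = strong["alice@example.com"]
    return {
        "weak_shared": shared_records(weak),      # identical digests reveal reuse
        "strong_shared": shared_records(strong),  # salts make every record unique
        "login_ok": verify("linkedin123", salt, stored),
        "login_bad": verify("wrong-guess", salt, stored),
    }


if __name__ == "__main__":
    print(demo())
```

Without a salt, one cracked digest exposes every account that used the same password; with a salt, each record has to be attacked separately.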

How is LinkedIn’s security now?

Better. They say they’ve been using salting for years now (presumably prompted by the 2012 breach). They also offer a 2-step verification process, which they encourage users to set up.

Learn more in the LinkedIn Safety Center.

How do I know if my account was affected?

Australian security expert Troy Hunt has this cool online tool that lets you search more than 100 hacked websites to see if your email is associated with any of the affected accounts. The results will tell you how many breaches your email is associated with. And, if you scroll down, it lists which ones they were. (They found 2 for me, one of which was, indeed, the LinkedIn breach.)

Check it out at HaveIBeenPwned.com.

What is LinkedIn doing about all this?

As stated in their email, LinkedIn:

  • Is working with law enforcement on this issue
  • Has invalidated the passwords of accounts for users who had not reset their passwords since before the 2012 breach
  • Is using automated tools to identify and block suspicious account activity

What should I do?

If you haven’t already, adopt smart password management habits:

It’s also a good idea to keep a close eye on your online financial accounts and credit reports, so you can be alerted to suspicious activity as soon as possible. This is especially important if you know your information was hacked.

Check your bank and credit card accounts daily (or at least a few times a week).

As for monitoring your credit reports, you are entitled to free copies once a year – from all three major credit bureaus – through AnnualCreditReport.com. But you don’t have to request all three copies at once. You can stagger them so that you can get a sense of things three times a year, as opposed to just once.

You might also consider signing up for free year-round credit monitoring through services like Credit Karma, Credit Sesame, Quizzle, and WalletHub. Just keep in mind, you will have to give these sites access to the information necessary to monitor your credit reports and scores.
