The 2012 LinkedIn data breach is one of the largest data breaches in history. It is essential for users to monitor their accounts and change their passwords regularly to stay safe. These breaches have exposed millions of users’ data, including personal information and login credentials, which can be used for malicious purposes such as identity theft and account takeover. The data of approximately 700 million users was believed to be included in the archive. ![]() 2021 Breach: In June 2021, LinkedIn reported that an archive containing data scraped from the platform, including user IDs, full names, email addresses, phone numbers, and workplace information, had been posted for sale on a popular hacker forum.The company claimed that no financial or payment information was compromised. ![]() The data included LinkedIn IDs, full names, email addresses, phone numbers, genders, and professional titles. 2018 Breach: In September 2018, LinkedIn suffered another data breach where attackers accessed the data of 700 million users.The company also required all affected users to reset their passwords. 2016 Breach: In May 2016, LinkedIn experienced another data breach where 117 million email and password combinations were stolen.The company only became aware of the breach in 2016, and it forced all affected users to reset their passwords. 2012 Breach: In 2012, LinkedIn suffered a massive data breach where the hackers stole 167 million user records, including usernames and passwords.Even after new security measures are in place, there may still be a need to address issues created from a breach years earlier.LinkedIn has experienced several data breaches over the years. It is also an example of the importance of continual evaluation and action by any company whose passwords have been compromised. It’s a reminder that the size of a data breach is seldom known immediately, and that the ramifications for a company-just in terms of account security-can linger for years. This latest resurfacing of an older breach should serve both as reminder and example. In thinking about theft-of-password situations, it is important to remember that they are theft, and that law enforcement agencies like the FBI can be brought in to assist in investigating theft of electronic assets, which includes users’ passwords. Specifically, salting is primarily used to defend against dictionary attacks, in which a cybercriminal tries to determine a decryption key by trying multiple passwords that are more likely to succeed (e.g., list of words from a dictionary).Īfter the 2012 attack, LinkedIn worked with the FBI to investigate the password theft. In his blog post, Cory Scott noted that LinkedIn has been “salting” or appending random data to passwords before they are encrypted to make them less decryptable/breakable for several years (probably since the 2012 theft). Originally, LinkedIn suspected that 6.5 million encrypted passwords were stolen, but it now seems that number may have been as high as 160 million e-mail and password combinations. The notices included the following instructions (received on May 19): In response to the breach, LinkedIn invalidated passwords for accounts created prior to the 2012 breach whose owners had not updated their passwords since the 2012 breach, and they also began letting individual members know if they needed to reset their passwords. We have no indication that this is as a result of a new security breach. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. ![]() This recent release is related to a 2012 unauthorized access and disclosure of LinkedIn members’ passwords: Last week on the official LinkedIn blog, the company’s chief information security officer, Cory Scott, reported the company had become aware of an additional set of data that has just been released consisting of e-mail and hashed password combinations of more than 100 million LinkedIn members.
0 Comments
Leave a Reply. |