May 18th 2016
What's the issue?
LinkedIn has confirmed in a statement released today that over 100 million LinkedIn users' email login names and passwords, stolen in a data breach in 2012, have been decrypted and are being sold on an illegal Dark Web marketplace. The data breach, which happened in June of 2012, was originally thought to have exposed 6.5 million LinkedIn users' emails and passwords, but we now know that number has increased significantly to 117 million, and potentially 167 million. At the time of the breach, LinkedIn responded by implementing a mandatory password reset for the members it believed were compromised. It also advised all LinkedIn members to change their passwords.
What does this mean to me?
If someone were able to access your LinkedIn account as you, they could delete the account, publish information from it while posing as you, or, if you use LinkedIn's Business Services, get into your marketing campaigns and account profile information. If you use the same email address and password to log in to other services, they may also try these stolen credentials to breach those accounts.
What should I do?
With these recent revelations, LinkedIn has taken immediate action to identify the accounts impacted and will be invalidating those passwords as well as forcing a password reset. We advise all LinkedIn members to reset their passwords as a precaution, regardless of whether their account has been impacted.
For all accounts and passwords, it is best practice to be proactive and reset your passwords every couple of months. Here are some other best practices that you should follow for all of your passwords:
- Use a password with 14 or more characters, and use single sign-on techniques to speed up daily access with a long password
- Use a password with a combination of uppercase and lowercase letters, numbers and symbols
- Avoid using the same password for multiple accounts
- Enable two-factor authentication on any service that has it available
- Use private browsing mode and sign out of your accounts when you are finished using a shared or public computer
- Avoid selecting the option that saves or remembers your login credentials or keeps you signed in