I knew you wouldn’t listen, but that’s okay. A few years back, in 2012, LinkedIn was hacked. We covered the story then, noting that nearly 6.5 million LinkedIn accounts were in danger. That’s a laughably tiny figure compared to the real number of accounts that were exposed, and the truth is only just now coming to light.
According to Motherboard, passwords and usernames for more than 117 million LinkedIn accounts were actually stolen, and now one hacker is trying to unload them for a sweet Bitboin payday. The news outlet spoke with LeakedSource, which said only a “small group of Russians” ever knew about the extent of the hack and that most of the encrypted passwords owned by the hackers were decrypted in just 72 hours. LinkedIn now knows about the breach but, terrifyingly, seems to have only learned about the extent from the news article.
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” LinkedIn said in a recent blog post. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indicated that this is a result of a new security breach. We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication.” LinkedIn said it’s also going after the hacker who is trying to sell the passwords and said it will “evaluate potential legal action” if they fail to comply with demands to take the account data off the market.
We recommend changing your password just to be safe. You should also probably turn on two-factor authentication so that you have a second barrier of protection on your account moving forward.