13 July 2016

LinkedIn warns users after 117m passwords stolen

By Charlotte

Days after media reports of a massive data breach at LinkedIn surfaced, the business networking platform has told its members that the breach first occurred in 2012 but that the data is only now being made available online by hackers.

Hackers reportedly tried this month to sell a database containing 117 million passwords that was stolen from LinkedIn in 2012. LinkedIn has confirmed that the stolen data included member email addresses, hashed passwords and LinkedIn member identifiers.

Wired reports that Australian security expert Troy Hunt has uploaded the entire dataset to his data breach website, haveibeenpwned.com, so that LinkedIn customers can check whether their account was compromised.

[I checked all my own email accounts via Hunt’s site and found that one address had been breached twice, and another once. Two of the three were affected by the LinkedIn hack, with the third caught up in a 2013 Adobe breach.]

LinkedIn itself has today told its customers via email that it took immediate steps to invalidate the passwords of all customer accounts that it believed might be at risk when it learnt on May 17 that the data had been made public. This move affected accounts created prior to the 2012 breach that had not reset their passwords since that time.

In an email with the subject line “Notice of Data Breach”, LinkedIn told members it was using automated tools to attempt to identify and block any suspicious activity that might occur on customer accounts and was actively engaging with law enforcement authorities.

The social network said it had taken steps to strengthen account security since 2012, including using salted hashes to store passwords and enabling additional account security by offering members the option to use two-step verification.

However, it advised users to visit the LinkedIn Safety Center to learn about enabling two-step verification and implementing strong passwords.

“We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well,” the company said.

Customers with further queries can contact LinkedIn’s Trust & Safety team at tns-help@linkedin.com.


chewy14 said :

Thanks for that Charlotte.

I hadn’t received any notice from LinkedIn but I had been compromised. Now fixed.

Were you offered any jobs instead?

So it turns out it’s not just LinkedIn, and there’s a lot more passwords involved, 642 million to be precise.

“Less than two weeks after more than 177 million LinkedIn user passwords surfaced, security researchers have discovered three more breaches involving MySpace, Tumblr, and dating website Fling that all told bring the total number of compromised accounts to more than 642 million.”

http://arstechnica.com/security/2016/05/cluster-of-megabreaches-compromise-a-whopping-642-million-passwords/

Maybe Charlotte can amend the title and add this in or do a follow up article.

HenryBG said :

devils_advocate said :

I don’t really know what LinkedIn is.
They keep sending me emails to join but I am suspicious of unsolicited offers (unless they are from Grocon).
What am I missing out on but not joining whatever it is?

You’re not missing much. It’s a social networking site focused on career. People tend to be careful about what they post and it’s very boring. Like a work morning tea but people are even cagier.

Thanks for that – I’ll continue to ignore them.

The whole database of 167 million accounts (only 117m contain passwords) was being sold for 5 BTC, or about $2,200 US.
