By Blake Neff
LinkedIn has become the latest company to be rocked by a massive security breach, as a hacker has put an astonishing 117 million user emails and passwords up for sale.
The hack in question, which was first reported by Motherboard, traces back to 2012, when 6.5 million LinkedIn passwords were stolen and posted online. The incident was extremely embarrassing for the company, as it exposed that its security practices were deficient and made it extremely easy for hackers to crack encrypted passwords.
Now, a hacker by the name of “Peace” claims that the 2012 breach was much larger than initially believed. He’s offering to sell a database with information on 167 million accounts, about 117 million of which contain both an email and a password. Peace says he’ll give the database to whoever is willing to pay him 5 bitcoin (worth about $2,300 currently).
LinkedIn reacted to the 2012 breach by resetting the passwords of all accounts it believed to be affected, and now it will likely have to repeat that stunt on a much larger scale. While the company doesn’t appear to have been breached a second time, this new revelation is still extremely bad news for the company, as it shows the company’s 2012 response wasn’t nearly strong enough.
“If LinkedIn is saying now that it didn’t know which accounts had been affected by the breach, then the sensible thing to have done at the time would have been a system-wide forced reset of every password,” cybersecurity expert Rik Ferguson told the BBC.
So if you have a LinkedIn account, what should you do now? There are several basic steps you can take to improve your online security:
- Obviously, changing your LinkedIn password is a good start. While you’re at it, make sure it’s a sound password (a series of random words works well), and not a weak one such as “linkedin.”
- Change your password for any accounts that use the same password as your LinkedIn one.
- In the future, avoid using identical passwords for any accounts that carry important personal or financial data.
- Activate two-step verification (2SV) on LinkedIn and other websites. When activated, 2SV requires you to enter a one-time code sent to your phone or email whenever somebody tries to log in to your account from a new device. This means hackers can’t access your accounts, even if they have your password, unless they have also hacked your email or have physical access to your phone.
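The first step above recommends a “series of random words” instead of a weak password such as “linkedin.” The following is an added example, not code from the article or from LinkedIn, showing how such a passphrase is generated and why its strength depends on the size of the word list and the number of words drawn: each word drawn uniformly from a list of N words contributes log2(N) bits. The 64-word list, the `generate_passphrase`, `passphrase_entropy_bits`, `words_needed` and `is_obviously_weak` helpers, and the short banned-password list are all constructed for this example; a real Diceware-style list has 7,776 entries, and the entropy figures scale with the list size.

```python
import math
import secrets

# Constructed 64-word sample list (hypothetical). With 64 entries each word
# contributes exactly log2(64) = 6 bits; a 7,776-word Diceware list gives ~12.9.
WORDLIST = [
    "apple", "river", "candle", "forest", "marble", "pillow", "rocket", "silver",
    "thunder", "velvet", "window", "yellow", "anchor", "basket", "copper", "dragon",
    "engine", "falcon", "garden", "hammer", "island", "jacket", "kettle", "ladder",
    "magnet", "needle", "orange", "pepper", "quartz", "ribbon", "saddle", "tunnel",
    "umbrella", "violet", "walnut", "zipper", "bridge", "cactus", "desert", "ember",
    "feather", "glacier", "harbor", "ivory", "jungle", "kayak", "lantern", "meadow",
    "nectar", "oyster", "paddle", "quiver", "raven", "summit", "timber", "valley",
    "willow", "breeze", "cobalt", "dolphin", "fossil", "granite", "helmet", "iceberg",
]

# Constructed list of passwords that are trivially guessed; a real deployment
# would check against a breach corpus, not a handful of literals.
BANNED = {"password", "123456", "qwerty", "letmein", "welcome"}


def passphrase_entropy_bits(num_words, wordlist_size):
    """Entropy (bits) of num_words chosen uniformly and independently from wordlist_size words."""
    return num_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest number of words from a list of wordlist_size that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(num_words=5, wordlist=WORDLIST, rng=None, sep="-"):
    """Draw num_words with a cryptographically secure RNG (secrets.SystemRandom by default).

    rng may be any object with a .choice() method; passing a seeded random.Random
    is only useful for reproducing a run, never for a real passphrase.
    """
    rng = rng or secrets.SystemRandom()
    # Words may repeat: sampling with replacement keeps the log2(N)-per-word math exact.
    return sep.join(rng.choice(wordlist) for _ in range(num_words))


def is_obviously_weak(password, site_name="linkedin", min_length=12):
    """Reject passwords that are short, banned, or contain the site's own name."""
    lowered = password.lower()
    if len(password) < min_length:
        return True
    if lowered in BANNED:
        return True
    if site_name.lower() in lowered:
        return True
    return False


if __name__ == "__main__":
    phrase = generate_passphrase(5)
    print("passphrase:", phrase)
    print("entropy with this 64-word list: %.1f bits"
          % passphrase_entropy_bits(5, len(WORDLIST)))
    print("words needed for 60 bits from a 7,776-word list:", words_needed(60, 7776))
    print("'linkedin' obviously weak:", is_obviously_weak("linkedin"))
```

The practical point is in `words_needed`: five words from a 7,776-word list give about 65 bits, whereas the toy 64-word list would need ten words for a comparable 60 bits, so the size of the list matters as much as the number of words. Uniqueness per site (the second and third steps) is what limits the damage when one service's password dump is cracked.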