Recently, 117 million email addresses and passwords of LinkedIn users, captured in a 2012 data breach of LinkedIn, were offered for sale on the Dark Web, the part of the Internet where cybercriminals buy and sell stolen data. It may seem odd, but it is not unusual for such stolen material to turn up for sale long after the initial data breach. Back in 2012, LinkedIn thought that the data breach was limited to 6.5 million user names and passwords; however, earlier this week the company acknowledged that the data of 100 million more LinkedIn members was indeed compromised. In an effort to combat this problem, LinkedIn is invalidating the compromised passwords and contacting affected members, directing them to reset their passwords.
The stolen information is of value to the hackers in formulating spear phishing emails that appear to come from LinkedIn and attempt to lure the recipient into clicking on links that download dangerous malware, such as keystroke logging malware or ransomware, onto the intended victim’s computer. The stolen passwords are also of use to the hackers because too many people use the same password for all of their accounts; a person’s LinkedIn password may therefore be the same as their banking password, which could enable the hacker to gain access to the intended victim’s bank account.
LinkedIn is contacting people affected by the data breach and instructing them to change their passwords. It is important to note that LinkedIn will not ask people to click on a link in any email to change their password, so if you get such an email, it is from a hacker seeking to steal your identity. If you are affected by this data breach, here is a link where you can safely change your LinkedIn password: https://www.linkedin.com/uas/request-password-reset?trk=li_corpblog_corp_security
LinkedIn also offers dual factor authentication, by which a one-time numerical code is sent to your smartphone each time you need to access your LinkedIn account. This is a good security measure to take.
Finally, this case serves as another reminder that you should have unique passwords for all of your accounts. A strong password contains capital letters, small letters and symbols. A good way to pick a strong password is to take an easily remembered phrase as your password. For instance, you can use the phrase IDon’tLikePasswords as your base password. Add a couple of !! at the end of the password and you have a strong password. Since you should have a unique password for each of your accounts, you can adapt this base password for particular accounts by merely adding a couple of letters at the end of the password to designate the company, so for a Bank of America account it may read, for instance, IDon’tLikePasswords!!BnkoAm.