You may recall the big data breach at LinkedIn back in 2012. At the time it was big news because nearly 6.5 million users were compromised. To its credit, LinkedIn acknowledged the hack on its blog.
It also outlined some best practices for protecting your information and described the steps it was taking to protect user accounts.
LinkedIn responded very quickly with a mandatory password reset for all affected accounts and advised ALL members to change their passwords as a matter of best practice.
Well, that should have been the end of that. Only it isn’t. Apparently the breach was much worse than even LinkedIn thought at the time. And last week they released another statement on the LinkedIn Blog.
Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
So if you were a member of LinkedIn back in 2012, your information may be out there for anyone to take.
According to an article in the Huffington Post this weekend – it could be very bad news for a lot of people.
Damon Beres, Senior Tech Editor at The Huffington Post, had a great example of how this information could be used – especially if you use a Gmail account to log in to your LinkedIn account and happen to use the same login to access your actual email.
If a hacker sees from the LinkedIn hack that your email address ends in @gmail.com, he or she might try logging into your inbox with the same password from the LinkedIn breach. If it works, all of your messages are now exposed, potentially including banking information or allowing access to other sites.
Are you scared yet? You should be. LinkedIn is the nexus for B2B social selling. So even if you aren’t vulnerable – one of your trusted contacts may be.
So what can you do to protect yourself? Immediately change your LinkedIn password, along with the password on any other accounts that use that same login information.
Finally, if you haven’t done so already, enable two-factor authentication on your LinkedIn account, which will send you a text message whenever a suspicious login occurs from a new computer or location.
To read the original Huffington Post article, click here.