LinkedIn suffered a major data breach in 2012. At that time, the company estimated that around 6.5 mn accounts were affected, and preventive measures were taken.
Over the last few days, millions of LinkedIn passwords have surfaced online. According to Motherboard, someone going by the name “Peace” is selling (if he hasn’t sold them yet) 117 million LinkedIn username and password combos on a dark web marketplace for 5 Bitcoins, or around $2,300. Some people estimate that the dump really contains 167 million user names; it’s just that only 117 million have both usernames and passwords. The company has started invalidating passwords created before 2012, so you might receive a note to change yours if you’ve been a user for quite some time.
Meanwhile, LeakedSource got access to 167370910 LinkedIn accounts in total by scouring the dark web. They were able to crack the passwords of at least 117 mn accounts, meaning the rest of the accounts might have used secondary access mechanisms such as Facebook/Google etc. All these passwords were stored as SHA1 hashes, a scheme that is fast becoming obsolete in web security standards.
- The first line of defence is YOU. If you are lazy enough to set your password to ‘123456’, it can be hacked by even a 4th grader.
- If you have a website/product, or are a start-up developing a piece of software, security should be your concern from Day One. LinkedIn got sued for $5 MN for inappropriate security mechanisms which caused this data breach.
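For developers, the difference between the SHA1 storage described above and a salted, deliberately slow hash looks like this. This is an added example, not code from LinkedIn or LeakedSource; the function names, the stored-string format, the PBKDF2 work factor and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune it to your hardware


def sha1_unsalted(password: str) -> str:
    """Legacy scheme: a single fast SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash stored as 'pbkdf2_sha256$iterations$salt$hash'."""
    salt = os.urandom(16)  # fresh random salt for every account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:  # malformed record
        return False
    return hmac.compare_digest(dk, expected)


def shared_hashes(records: dict) -> dict:
    """Group users by stored hash; any group larger than one shares a password."""
    groups = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


if __name__ == "__main__":
    # Constructed sample accounts, not real data.
    users = {"alice": "123456", "bob": "123456", "carol": "correct horse battery"}
    legacy = {u: sha1_unsalted(p) for u, p in users.items()}
    modern = {u: hash_password(p) for u, p in users.items()}
    print("unsalted SHA-1, users sharing a hash:", list(shared_hashes(legacy).values()))
    print("salted PBKDF2, users sharing a hash:", list(shared_hashes(modern).values()))
    print("verify ok:", verify_password("123456", modern["alice"]))
```

With unsalted SHA1, every account using ‘123456’ stores the same value, so one guess exposes all of them at once; with a per-account salt and a slow function, each record has to be attacked separately.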
Here is the table from LeakedSource of the top passwords used.