LinkedIn attack of 2012; the repercussion still haunts!


LinkedIn faced a massive data breach in 2012, in which the email addresses and passwords of 117 million users were put up for sale by hackers.

LinkedIn is an American company that provides job-oriented services to people across the globe. It operates through both a website and applications.

LinkedIn was launched on May 5, 2015, as a professional networking platform where job seekers post their resume/CV and employers hire them. In 2015, most of the company’s income came from selling information about job seekers to employers. By December 2016, the company was a wholly owned subsidiary of Microsoft.

In 2016, LinkedIn officially had 760 registered members across 150 countries.

At some point, LinkedIn learned that 6.5 million of its users' credentials had been posted on a Russian password forum for the whole world to see.

Eventually they found that a hacker named “Peace” was using this information to earn virtual currency. He sold this information for 5 Bitcoins.

A paid hacked-data search engine also claims to have some of the missing data.

A thorough enquiry showed that the hacked data contained information about 167 million accounts with 117 cracked passwords, and not just 6.5 million credentials.

As a quick response, LinkedIn asked all of its customers to change their account passwords after the attack.

How LinkedIn responded to the attack

In 2012, LinkedIn faced a data breach where the hacker was allowed unauthorized access to some of the private information of the users. As soon as the attack took place, we formed a quick response team which guided the users to reset the accounts and passwords that were compromised. Additionally, we advised the users to recheck their account settings and make sure they set a strong and unique password.

LinkedIn has come to know that an additional set of data has been released that claims to contain password combinations of more than 100 million members from the same cyber-attack. We will discredit all the accounts that were impacted and we will directly contact the affected members to make sure that they reset their passwords. We guarantee you that this attack was never a result of a security breach.

We are more concerned about the privacy of our members. For several years we have strengthened every password in our database and we have always promoted protection tools like email challenges and dual factor authentication. We direct our members to visit the safety center and enable the two-step verification process.

According to ‘Motherboard’, the stolen data resides in two places: an illegal marketplace named The Real Deal and a hacked-data search engine, ‘Leaked Sources’.

“It’s only coming to the surface now. People may not have taken it too seriously back then as it was not spread,” an individual associated with Leaked Sources reportedly told Motherboard.

After examining one of the stolen samples, Motherboard claims that the passwords were protected to a certain extent but never “salted”, that is, given an additional layer of protection that strengthens the passwords and makes them hard to crack.
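
The difference salting makes to a leaked password table can be seen in a short added example (not code from LinkedIn or Motherboard). It assumes SHA-1 as a stand-in for any fast unsalted hash, since the page does not name the algorithm, and uses constructed sample accounts and an assumed PBKDF2 work factor.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example

# Constructed sample accounts; not data from the breach.
SAMPLE_USERS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "x7#Qm-pV2w"}


def unsalted_digest(password: str) -> str:
    """Weak scheme: one fast hash, no salt (SHA-1 is a stand-in here)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def shared_digest_groups(table: Dict[str, str]) -> Dict[str, List[str]]:
    """Users whose stored value is identical, as a leaked table would reveal."""
    groups: Dict[str, List[str]] = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}


def unsalted_table(users: Dict[str, str]) -> Dict[str, str]:
    return {user: unsalted_digest(pw) for user, pw in users.items()}


def salted_table(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    return {user: salted_record(pw) for user, pw in users.items()}


if __name__ == "__main__":
    print("unsalted, shared digests:", shared_digest_groups(unsalted_table(SAMPLE_USERS)))
    salted = {u: key.hex() for u, (_, key) in salted_table(SAMPLE_USERS).items()}
    print("salted, shared digests:  ", shared_digest_groups(salted))
```

Without a salt, every account that shares a password shares a stored value, so one recovered password exposes all of them; with a per-user salt, each record has to be attacked separately.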

After effects

  • If you have been a LinkedIn user since 2012, there is a possibility that your account details were stolen and put up for sale.
  • After the attack, LinkedIn privately advised members to reset their password within a given timeframe or else the account would be deactivated.
  • If you used your old LinkedIn password on any other website and have not yet changed it, you are vulnerable to attacks. This is because the hacker knows that users reuse the same password across different accounts and uses tools to log in to them.
  • If you used the same LinkedIn password for your email account, reset it immediately, because your email account gives the hacker even more of your personal information.

Prevention criteria

  • When you feel you are at risk of or vulnerable to cyber-attacks, reset your password immediately. This reduces the risk of your account being compromised.
  • Never reset your password from an unknown external link. Always use the account settings to reset your password.
  • If you do not use LinkedIn frequently, close the account or log out of it. Uninstalling the app does not close your account.
  • Never use the same password for different accounts. Doing so lets an attacker gain access to all your accounts through a single password. Don’t make it easy for criminals to invade your privacy.
