People were shocked by the news that LinkedIn account data from a hack that happened four years ago, in 2012, had resurfaced and was for sale on a dark web market. What had been thought to be nothing more than 6.5 million hacked accounts back in 2012 turned out to be far more: the hack had actually produced around 117 million email and password combinations.
After the data resurfaced, LinkedIn acknowledged the hack and the batch of login credentials that was on the dark web. If the hackers manage to crack the encryption on the passwords, which they likely will because the encryption is easily crackable, they can gain access to people's accounts on other sites and platforms. People tend to reuse the same password or stick to one password for a long time, so if hackers get the LinkedIn passwords, users could be at great risk.
LinkedIn users are being urged to change all their passwords, regardless of whether they had accounts back in 2012 and even if they think they were not hacked back then and their information is not part of the 117 million hacked accounts. Users are also being urged to turn on two-factor authentication, which requires confirmation with a number sent by text message every time the user logs in from a different, new computer.
The resurfacing of the hacked data is sure to put blushes on LinkedIn bosses' cheeks. The company's 2012 security policy was not very strong at the time, which means the hackers can easily crack the passwords in the data breach even though they have encryption. Tech companies and social media networks have beefed up their systems since, but back then LinkedIn had not put in the extra layer that makes passwords even harder to break.
LinkedIn is now on the defensive and is trying many ways to stop people from using and sharing the stolen information on the web. This is nearly impossible to do. The company has also been trying to invalidate all passwords and customer accounts that have not been updated since the details were stolen four years ago.
LinkedIn said that they were trying their best to reach each and every member who was affected by the breach, a tough task considering that the breach affects a quarter of the website’s members. The business social network currently has 433 million members.
Computer security experts, on the other hand, are wondering why LinkedIn could not say what had happened during the hack, or at the very least acknowledge it then. Brad Taylor, CEO of cyber security company Proficio, said that if the company has only discovered that the number of affected accounts was this high, then it definitely did not do a forensic analysis.
The dataset is for sale on the dark web marketplace called The Real Deal, and a hacker named Peace is responsible. The database is up for sale for 5 Bitcoins or $2,200.
LinkedIn responded to the hack through its Chief Information Security Officer, Cory Scott, who said that the company was taking the safety and security of its members seriously.