Remember That LinkedIn Breach Back In 2012? It May Have Been Bigger

Image courtesy of angela n.

Hey, do you remember back in 2012 when hackers hit LinkedIn, stole a few million passwords, and released them online? It was a while ago, so don’t feel bad if you don’t. LinkedIn simply can’t leave the breach behind, though: there are now another 117 million e-mail addresses and passwords for sale on an underground marketplace.

It might be time to publish another hundred or so volumes of the book an artist made full of leaked passwords. This isn’t especially funny, though. Sure, the data is old, but people do tend to use the same password from one site to another, which means that the credentials might still be useful for accessing other sites, even if users have already changed their passwords, or LinkedIn reset them.

After an initial report on Motherboard that the the cache was for sale for 5 bitcoin ($2,285), LinkedIn confirmed that the leaked information is genuine. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” the company said in a post on its official blog. “We have no indication that this is as a result of a new security breach.” Well, that’s… still not comforting.

LinkedIn also recommends using two-factor authentication, which is an option on the site, and uses a code sent to your mobile phone by text message as confirmation after you type in your password.

Another Day, Another Hack: 117 Million LinkedIn Emails And Passwords [Motherboard]
Protecting Our Members [LinkedIn]