The LinkedIn data breach is at the forefront of conversations this week, as pretty much everybody who belongs to the professional network may have been affected. Myself included, everybody with a LinkedIn profile received an email from LinkedIn legal on Wednesday titled “Important Information About Your LinkedIn Account,” which described the details of the breach and how to secure your personal information moving forward. LinkedIn recently discovered that what originally was estimated to be 6.5 million user passwords stolen during the data compromise of 2012 actually turned out to be a breach of 117 million passwords.
Why did it take LinkedIn four years to figure it out?
What is most compelling about the LinkedIn data breach is that it took them four years to learn the full details of the breach… Or, at least that’s what we’re being led to believe. LinkedIn not only claims they were just recently made aware of the astronomical amount of passwords stolen from the social network, but also that the user information is being sold on the digital black market. Their lack of knowledge of passwords being sold online seems a bit farfetched considering LinkedIn was aware of the breach four years ago… What did they think these cyber criminals were doing with all that user data? The majority of the blame for the data breach is being directed toward LinkedIn’s failure to “salt” the data, making it easier for hackers to decode user passwords.
How the LinkedIn data breach affects you
Many people who received the notification from LinkedIn may have been thinking, “So? What are these hackers really going to do with my employment history and list of academic achievements?” But here’s where it gets scary… Since the LinkedIn hackers were able to unveil millions of email/password combinations, and most people still use the same password for all of their online accounts, these cyber criminals will be able to hack into more sensitive data sources such as online banking and healthcare accounts. With that in mind, it’s important for anyone affected by the LinkedIn data breach to take the necessary precautions.
How do I know if my information was compromised, and what should I do?
First, you need to check if your account was compromised. Not surprisingly, a website called Have I been pwned? has already been created for people to enter their email addresses and find out whether or not their information was stolen during the LinkedIn data breach. “Pwned” is tech speak for “hacked” or “compromised.” Check out the website to see if you’re a victim. Luckily, I passed the “pwned” test. (Phew!)
If you have been affected by the breach (or even if you haven’t), you should log into LinkedIn and change your password, and even think about changing your passwords for your more sensitive online accounts. LinkedIn also offers two-step verification now, which you can enable in your security settings.
While the latest information on the LinkedIn data breach has caused a tidal wave in the data security world this week, this is not the first (and won’t be the last) breach of this magnitude. Therefore, it’s important to always take the proper security measures when accessing your sensitive information online.