LinkedIn's Breach Larger Than Expected
Learn about how LinkedIn's 2012 breach impacted 117 million users.
Incident snapshot
Breach Date: 2012
Announcement Date: 17 May 2016
Impacted Users: 117 Million
Root Cause: Improper software security
LinkedIn's 2012 data breach found to impact 117 million users
On June 5, 2012, Vicente Silveira, a LinkedIn representative, announced on the LinkedIn Blog that 6.5 million usernames and passwords had been stolen by a Russian hacker. The initial response consisted of invalidating affected users' passwords, emailing those users about the hack, and offering a more in-depth explanation of the breach that occurred. The announcement closed with a sincere apology for the inconvenience.
Unfortunately, four years later, the 2012 hacked information showed up online once again, but this time the extent of the information breach was shown to reach 117 million user accounts.
LinkedIn responded four years later because an additional set of data proved that the breach was much more serious than previously thought. Hani Durzy, a LinkedIn spokesman, stated that the database holding the stolen information is real.
Why this is important to you
LinkedIn’s social platform hosts 467 million accounts worldwide. That means one out of four users of the site has been affected by this breach in some way. Therefore, if you have a profile on LinkedIn, act as soon as possible by changing your password and implementing some security best practices.
Find out if you were impacted
To find out if your account was impacted, please visit haveibeenpwned.com and enter your email address. This tool will let you know if your email has been associated with any security breach, not just the one that happened with LinkedIn.
My account was impacted! What do I do?
Detailed steps towards securing your compromised LinkedIn Account.
Step 1: Log in and change your LinkedIn password
Use an online service like https://password.kaspersky.com/ to check your current passwords, or to see how secure a future password might be. The site also estimates how long it would take to crack a password using different types of computers. Once you have done that, follow the steps below to change your password:
- (1) Log into your LinkedIn Account. You can also access it from the home page, as shown in the images below.
- (2) Hover over your image in the top menu bar and select Privacy & Settings
- (3) Choose the Change Password link under the Basics category.
- (4) Type in your current password and new password. A best practice is to leave the Require all devices to sign in with the new password selection checked.
- (5) Click "Save"
When choosing a new password, make sure to follow these best practices:
- Never reuse passwords
- Use a strong password
- Consider using a password generator
Step 2: Set up two-factor authentication
While you're changing your LinkedIn password, we strongly recommend that you set up two-factor authentication.
- Two-factor authentication: Two-step verification adds an additional layer of security to your account by prompting you to enter a code sent to your mobile device (through SMS or an authenticator application).
- Two-factor verification for LinkedIn is turned on by navigating to Privacy & Settings > Privacy > Security.
Once you have completed these steps, there are some other important things to do in order to stay secure.
Step 3: Change the passwords of any accounts that used that previous password
Any account that reused that password is also at risk. At the very least, make sure to change reused passwords for the following important account types:
- Online banking
- Social media sites like Facebook and Twitter
- Anything that involves payment data or social security numbers (PayPal, government sites, etc.)
Step 4: Change your Ultius account password
If you have an Ultius account, please follow the steps below to change your password.
- (1) Log into your Ultius account
- (2) Click Profile from the main menu
- (3) Click Edit Profile on the bottom-right of the screen
- (4) Update your passwords
- (5) Click Update Profile at the bottom-right of your screen to finalize the change.
Now that you have secured your accounts and set up some additional security, keep reading for some other security considerations.
Other things you can do to protect your security
Take the time to consider some other security best practices.
- Get a password manager. We recommend using Dashlane. We use it internally at Ultius and there is a free version available for consumers (like you)
- Consider updating all of your passwords regularly, especially the ones that you have reused. Once every six months is a sufficient frequency
- Consider setting up two-factor authentication on all of your important accounts (like online banking). This is an added layer of security that will help prevent unauthorized users from accessing your account without authentication from your phone
- Stay up to date on security-related news by following Ultius security bulletins
Lastly, don't forget to share this guide with your friends, family and co-workers so that they can stay safe too.