LinkedIn personal data of 100 million members possibly stolen by hackers

Personal data of more than 100 million LinkedIn users may have been stolen, the company has warned.

For nearly four years, everything seemed fine. In 2012, passwords belonging to members of the professional networking site had shown up in a list of 6.5 million passwords posted online by Russian hackers. “LinkedIn was using an outdated form of cryptography to secure its users’ private information,” CNN reported at the time.

After the disclosure, LinkedIn imposed a mandatory reset for all accounts it believed had been compromised, and advised all members to change their passwords.

The firm, which claims 400 million members in 200 countries, said it learned on Tuesday that the problem had not gone away.

“We became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” LinkedIn said in a statement Wednesday.

The company said it had no evidence of a new security breach. On Wednesday the company began invalidating passwords for all accounts created before the 2012 theft that hadn’t been updated since the breach, LinkedIn said. Affected members will be notified if they need to reset their passwords, the company said.

“Regularly changing your password is always a good idea and you don’t have to wait for the notification,” LinkedIn said in the statement, which was on the company blog.

In a tilt at the infamous windmill of criminal hacking, LinkedIn added that it had “demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply.”

While it waits for the hackers to comply, LinkedIn will use “automated tools” to try to identify and block suspicious activity on affected accounts, the company said.

The networking site is “an extremely attractive target for hackers,” said Dave Kennerley, a senior threat researcher at cybersecurity firm Webroot. “It’s no secret that LinkedIn is a rich pool of data.”

People can’t rely on organizations to keep their personal data safe, but must take “as many steps as possible to secure it themselves,” Kennerley said. “In this case, ensuring that the password used for LinkedIn is different (from) other accounts is crucial – this will limit the potential impact on other accounts, including email, which can lead to other, more sensitive, information being stolen.”


Photo: LinkedIn headquarters in Mountain View (AP Photo/Paul Sakuma, File)

