THE LINKEDIN HACK OF 2016
Here we go again! In 2012, Russian hackers attacked LinkedIn, stealing 6.5 million user accounts, including emails and passwords. Now it turns out that the actual number of compromised accounts was over 117 million, and that the information from these accounts is still being sold on the dark web.
2012: The hack
Four years ago, 6.5 million LinkedIn users had their accounts hacked and were subsequently locked out of the professional network. Usually, companies encrypt their customers’ passwords, but back in 2012 LinkedIn had yet to add to its systems a pivotal layer of security that makes encrypted text much harder to decrypt. This could explain why the hackers were apparently able to decode the stolen accounts relatively quickly and go on to sell them on the dark web. Russian hackers took credit for the attack in 2012, and LinkedIn encouraged all its users to change their passwords.
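The following is an added example, not code from the original article or from LinkedIn. It assumes the missing layer described above is a per-user salt on the stored password hash, and it compares a bare SHA-1 digest with a salted PBKDF2 record over constructed sample accounts; all function names and the iteration count are illustrative choices.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data). Two users chose the same password.
ACCOUNTS = {
    "alice@example.com": "password",
    "bob@example.com": "password",
    "carol@example.com": "correct-horse-battery",
}

def unsalted_sha1(password: str) -> str:
    """Weak storage: a bare, fast hash. Equal passwords give equal digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

def accounts_sharing_a_digest(digests) -> int:
    """Number of accounts whose stored digest also appears on another account."""
    counts = Counter(digests)
    return sum(n for n in counts.values() if n > 1)

def compare_schemes(accounts: dict) -> dict:
    """Store every password both ways and count digest collisions per scheme."""
    weak = [unsalted_sha1(pw) for pw in accounts.values()]
    strong = [salted_record(pw)["digest"] for pw in accounts.values()]
    return {
        "unsalted_shared": accounts_sharing_a_digest(weak),
        "salted_shared": accounts_sharing_a_digest(strong),
    }

if __name__ == "__main__":
    print(compare_schemes(ACCOUNTS))
```

With the unsalted scheme, one recovered digest exposes every account that shares that password; with per-user salts, each record has to be worked on separately and each guess costs 200,000 hash iterations.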
2016: The aftermath
In 2016, it was revealed that the LinkedIn hack was much more comprehensive than first assumed. Apparently, the number of compromised accounts was over 117 million, and many of these were still being sold on the dark web. Based on the new information, it has been estimated that the attack on LinkedIn will affect up to 167 million users. Since many people use the same password for different online accounts, the hacked LinkedIn users also risk having other accounts, like their e-mail or online bank accounts, hacked as well.
Were you hacked?
If you want to know whether your account was hacked back in 2012, there is an easy way to find out. Australian security expert Troy Hunt has uploaded the stolen dataset to his website https://haveibeenpwned.com/, making it simple and quick to check if your account was hacked. When you enter your email address into Hunt’s website, it will cross-check it against 510,321,085 account details from more than 106 compromised websites such as MySpace, Adobe and of course LinkedIn. If your email address matches a hacked account, Hunt’s website will let you know and recommend that you change your password.
What else can you do?
If you realize that your account was hacked, or if you just want to protect yourself in the future, you should start by changing all your passwords. When doing so, you must make sure that you only use secure passwords, which means no birthdays and no obvious choices, such as ‘1234’ or ‘password’. You should also make sure that you do not use the same password for different accounts. On top of that, it is a good idea to use two-factor authentication, which means you have to use a text message code every time you access your account from a new device.
So… what did we learn?
The fact that the 2012 attack on LinkedIn turned out to be much more extensive than first assumed raises several questions concerning online security.
First, you have to question why four years had to go by before it was revealed that 117 million, and not 6.5 million, accounts were compromised in the attack. Moreover, assuming that LinkedIn did not realize the extent of the hack until now, it also raises the question: Why did they not realize sooner?
Second, you should continue to reflect on and question your own level of online security, regardless of whether you were hacked or not. This includes both the security that you are responsible for yourself, such as having secure passwords, and the security that companies like LinkedIn are responsible for, like having a sufficient security policy and updated security systems in place.
The attack on LinkedIn reminds us all that we must continue to demand proper security from the companies that handle our personal information, whether it is our bank, a government agency, online stores or social media. One thing we can do is stop using websites that are not EV-certified. EV or ‘Extended Validation Certificate’ is an add-on to the standard SSL-certificate that guarantees a higher level of security thanks to an extensive validation process. By using EV-certificates, companies and government agencies let you know that their website is trustworthy, secure and reliable. You can recognize an EV-certified website by the solid green bar in the browser’s address bar and the easily recognizable green padlock icon. TRUSTZONE’s EV SSL-certificate offers the highest level of SSL-security available.
At TRUSTZONE, we know that it is not just common sense to prioritize your customers’ online security – it is also good for your business. That is why we do everything we can to help our customers make their customers more secure with simple and secure SSL solutions.