Here we go again! In 2012, Russian hackers attacked LinkedIn, stealing 6.5 million user accounts including emails and passwords. Now it turns out that the actual number of compromised accounts was over 117 million and that the information from these accounts is still being sold on the dark web.

2012: The hack

In the 2012 LinkedIn hack, 6.5 million LinkedIn user accounts were hacked. Following the attack, these users were locked out of the professional network.

Usually, companies encrypt all customer passwords, but back in 2012, LinkedIn had yet to add a vital layer of security, one that makes encrypted text much harder to decrypt, to their systems. This could explain why the hackers were apparently able to decode the stolen accounts relatively quickly and go on to sell them on the dark web.

Russian hackers took credit for the attack in 2012, and LinkedIn encouraged all their users to change their passwords.

2016: The aftermath

In 2016 it was revealed that the LinkedIn hack was much more comprehensive than first assumed:

Apparently, the number of compromised accounts were over 117 million, and many of these were still being sold on the dark web. Based on this new information, the attack on LinkedIn is estimated to affect up to 167 million users.

Seeing as many people use the same password for different online accounts, the hacked LinkedIn users also risk having other accounts, like their e-mail or online bank accounts, hacked as well.

Were you hacked?

If you want to know whether your account was hacked back in 2012, there’s an easy and quick way to do so.

Australian security expert Tony Hunt has uploaded the stolen dataset to his website haveibeenpwned.com. When you enter your email address into Hunt’s website, it’s instantly crosschecked against 510.321.085 account details from more than 106 compromised websites such as MySpace, Adobe, and of course LinkedIn.

If your email address matches a hacked account, Hunt’s website will let you know. It’ll also recommend that you change your password.

What else can you do?

If you realize that your account was hacked, or if you just want to ensure yourself in the future, you should start by changing all your passwords. When doing so you must make sure that you only use secure passwords, which means no birthdays and no obvious choices such as ‘1234’ or ‘password’.

You should also make sure that you don’t use the same password for different accounts. On top of that, it’s always a good idea to use two-factor authentication which adds an extra layer of security every time you log in to your accounts.

So what did we learn?

The fact that the 2012 attack on LinkedIn turned out to be much worse than initially thought raises several questions concerning online security:

First, you have to question why four years had to go by before it was revealed that 117 million, and not 6.5 million, accounts were compromised in the attack. Moreover, assuming that LinkedIn did not realize the extent of the hack until now, it also begs the question: Why did they not realize sooner?

Secondly, you should continue to reflect on and question your own level of online security, regardless of whether you were hacked or not. This includes both the protection that you are responsible for yourself—such as having secure passwords—and the security that companies like LinkedIn are responsible for, like having a sufficient security policy and updated security systems in place.

The attack on LinkedIn serves as a reminder to continue to demand proper security from the companies that handle our personal information—whether it be our bank, a government agency, online stores, or social media networks.

Another thing we can do is stop using websites that are not EV certified: EV or ‘Extended Validation Certificate’ is an add-on to the standard SSL-certificate. An EV certificate guarantees a higher level of security thanks to an extensive validation process.

By using EV certificates, companies and government agencies let you know that their website is both trustworthy, secure, and reliable. TRUSTZONEs EV SSL-certificate offers the highest level of SSL security available.

At TRUSTZONE, we know that it’s not just common sense to prioritize your customer’s online security – it is also good for your business. That is why we do everything we can to help our customers make their customers more secure with secure and straightforward SSL solutions.