If this sounds like old news, it actually is, but with a slight twist that you should think about. In 2012, LinkedIn was hacked, and password data for millions of the social network’s users was exposed. At the time, LinkedIn assessed the situation and made a public disclosure, as well as forcing millions of affected users to reset their passwords. However, they seem to have made an error in determining which accounts were actually at risk.
It turns out that attackers could discover the passwords for many more of the accounts accessed during the 2012 breach than LinkedIn had originally indicated. So, anyone who concluded from LinkedIn’s disclosure that their account was not affected may have been at much greater risk of having their account hacked.
In the end, if you didn’t change your LinkedIn password after the initial breach, then it’s a very good idea to do it NOW, although your account may have already been hacked at some point in the past 4 years. But, better late than never, right?
Tip for Any Data Breach Notifications
The lesson we can take away from this is that, if a service or website you use announces it’s been hacked, it’s always a good idea to change your password as soon as possible. The company could be wrong in assessing exactly which accounts were affected, so you’re better off assuming the worst case.
Brian Krebs has a good article on this situation, and points out that LinkedIn is making the same mistake this time around, by only forcing a subset of its user base to reset their passwords. Doh!