Beware the ghosts of smart device owners – past and future
May 30, 2016
With a target as big as SWIFT, you’d expect them to be prepared for breaches originating from within trusted banks
May 30, 2016

LinkedIn: Oops. Did we say you weren’t affected by that breach back in 2012?

If this sounds like old news, it actually is, but with a slight twist that you should think about. In 2012, LinkedIn was hacked, and password data for millions of the social network’s users was exposed. At the time, LinkedIn assessed the situation and made a public disclosure, as well as forcing millions of affected users to reset their passwords. However, they seem to have made an error in determining which accounts were actually at risk.

If this sounds like old news, it actually is, but with a slight twist that you should think about. In 2012, LinkedIn was hacked, and password data for millions of the social network’s users was exposed. At the time, LinkedIn assessed the situation and made a public disclosure, as well as forcing millions of affected users to reset their passwords. However, they seem to have made an error in determining which accounts were actually at risk.

It turns out that many more users’ passwords could be discovered for accounts accessed by attackers during the 2012 breach than LinkedIn had originally indicated. So, anyone who believed that their account was not affected as a result of LinkedIn’s disclosure may have been at much greater risk of having their account hacked.

In the end, if you didn’t change your LinkedIn password after the initial breach, then it’s a very good idea to do it NOW, although it may have already been hacked at some point in the past 4 years. But, better late than never, right?

Tip for Any Data Breach Notifications

The lesson we can take away from this is that, if a service or website you use announces it’s been hacked, it’s always a good idea to change your password as soon as possible. The company could be wrong in assessing exactly which accounts were affected, so you’re better off assuming the worst case.

Brian Krebs has a good article on this situation, and points out that LinkedIn is making the same mistake this time around, by only forcing a subset of its user base to reset their passwords. Doh!

Why not ask for a free consultation?

We can even do a live demo to try out some options.

LET’S GET STARTED