LinkedIn and the Breach Timeline
In 2012, LinkedIn suffered a data breach of users’ encrypted passwords. At the time, they understood this to be about 6.5 million passwords, and they forced a mandatory password reset for all users they believed to be impacted. In 2016, four years later, it was discovered that 167 million users were impacted by this breach, with 117 million of those passwords already decrypted. This was only realized when the breached credentials were being sold on multiple password forums, including LeakedSource. Samples shared included emails and passwords. When the breach originally occurred, the site was using weak encryption to store users’ passwords. According to LeakedSource, 50 easily guessed passwords (123456, password, and qwerty, for example) made up 2.2 million of the 117 million decrypted passwords.
How does this impact you?
If you were a LinkedIn user in 2012, it is likely that your password has been changed since this breach occurred. But password reuse is a common practice: about 65% of breached passwords appear in other breaches. It’s inevitable that your 2012 passwords are in the ecosystem of the dark web, and if you’re still using them, other accounts are at risk. Even a ten-year-old breach can still ripple through your internet security and password use.
What to do next?
If you haven’t changed your LinkedIn password since 2012, or you still use this compromised password on another account, you should change it before you finish reading this article. LinkedIn also added multi-factor authentication to user logins for added security. You can enable this in your account settings.