01 Jun LinkedIn Breach Surges by 110 Million Records
Like millions of others, last week I received a notice from LinkedIn that my personal data may have been stolen during a data breach in 2012. What prompted the notice four years after the LinkedIn breach was that a few days ago the company “became aware that data stolen from LinkedIn in 2012 was being made available online.”
LinkedIn posted a notice of the data breach at their site:
What Happened?
On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.
What Information Was Involved?
Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.
LinkedIn breach balloons
As it turns out, the 6.5 million records thought to have been compromised in 2012 was actually closer to 117 million records. Either the company never really new the extent of the breach in 2012, or they chose to keep it hidden until the records showed up for sale. I’m giving LinkedIn the benefit of the doubt and assuming that they really had no idea that 117 million records were actually stolen.
Allegedly the company had a number of security shortcomings that made them vulnerable.
So 4 years later, I’m thinking of two significant takeaways from this experience. First, that data breaches are often a great deal larger then initially thought, especially for companies without best practice security measures in place. Secondly, the ramifications of a breach can last a lot longer than one might think.
I think I’ll go change all of my passwords again and enable two-factor authentication.
The opinions expressed in this contributor article are solely those of the author, and do not necessarily reflect those of Fortscale.
Follow Fortscale online at LinkedIn, Twitter & Facebook.