Now’s the time to change all your passwords, not just LinkedIn

Expanding 2012 breach is a good reminder to be diligent about online security

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Quick­ly, what was your LinkedIn pass­word in 2012? OK, now think of every pass­word you have set at every ser­vice you use and make sure that LinkedIn pass­word isn’t reused anywhere.

If ever you need­ed a reminder not to reuse pass­words, here it is. We knew that LinkedIn got hacked in 2012, but at the time, we thought “only” 6.5 mil­lion pass­words had been tak­en. Now, we learn the real fig­ure was some­thing more like 100 mil­lion-plus. That means your old LinkedIn pass­word, and prob­a­bly any deriva­tions of it, should nev­er be used any­where else. You already knew that, but now you real­ly know it.

A secu­ri­ty researcher found an ad post­ed by a hack­er offer­ing a list of 167 mil­lion LinkedIn pass­words for sale—for about $2,300. LinkedIn con­firmed to Ars Tech­ni­ca on May 18 that it is aware an “addi­tion­al set of data has just been released.” It’s work­ing to inval­i­date any pass­words on the list that might still be in use. Because of dupli­cates, etc., the real num­ber is prob­a­bly far less than 167 mil­lion, but it’s cer­tain­ly much larg­er than 6.5 million.

Of course, LinkedIn can’t help you with any oth­er online accounts where you might have used that LinkedIn pass­word. And you prob­a­bly for­got it any­way. Sad­ly, com­put­ers nev­er for­get these things. Even if you only signed up for LinkedIn once, back in 2012, and nev­er used it again, the pass­word you set at the time is now poisoned.

There is no need to pan­ic. No doubt, who­ev­er had this list had wrung all the val­ue out of it before offer­ing it for sale—probably many times over, and by mul­ti­ple who­ev­ers. If it were real­ly a gold mine, it wouldn’t be for sale at $2,300. Most of the user/password com­bi­na­tions have, no doubt, already been tried at obvi­ous places like Ama­zon and Bank of America.

Still, your job today is to think about all the crit­i­cal sites you use—places where you keep your mon­ey (banks) and places where you spend mon­ey (Ama­zon, Expe­dia, etc.)—and make sure those pass­words are clever and fresh.

Then let your mind wan­der to places where hack­ers might make bank by esca­lat­ing through your per­son­al, dig­i­tal life: Hack­ing into your email account, for exam­ple, or even your Face­book account. Using your email, they could reset pass­words at your bank. Using Face­book, they could trick friends into send­ing mon­ey, or just embar­rass you.

Doing that kind of dig­i­tal secu­ri­ty inven­to­ry is a good exer­cise at any time. But the LinkedIn hack presents a great reminder.

There needs to be a sense of height­ened secu­ri­ty every day when it comes to cyber attacks and think­ing pass­words could be stolen,” said John Peter­son, Vice Pres­i­dent of Enter­prise Prod­ucts at cyber­se­cu­ri­ty com­pa­ny Como­do. “Con­sumers, small busi­ness­es and large enter­pris­es all need to under­stand that crim­i­nals have estab­lished, work­ing orga­ni­za­tions with paid hack­ers, spam­mers and phish­ing experts who think of ways to steal and lever­age pass­words, bank records, Social Secu­ri­ty num­bers, com­pa­ny trade secrets and data, and cred­it card and finan­cial data every minute of every day.”

More sto­ries relat­ed to online security:
LinkedIn is a pow­er­ful busi­ness tool—for hackers
10 lessons every­one should learn from Car­di­nals-Astros hack
Keep these res­o­lu­tions to bet­ter avoid iden­ti­ty theft in 2016


Posted in Data Privacy, Data Security, Featured Story