Now’s the time to change all your passwords, not just LinkedIn

Expanding 2012 breach is a good reminder to be diligent about online security

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Quickly, what was your LinkedIn password in 2012? OK, now think of every password you have set at every service you use and make sure that LinkedIn password isn’t reused anywhere.

If ever you needed a reminder not to reuse passwords, here it is. We knew that LinkedIn got hacked in 2012, but at the time, we thought “only” 6.5 million passwords had been taken. Now, we learn the real figure was something more like 100 million-plus. That means your old LinkedIn password, and probably any derivations of it, should never be used anywhere else. You already knew that, but now you really know it.

A security researcher found an ad posted by a hacker offering a list of 167 million LinkedIn passwords for sale—for about $2,300. LinkedIn confirmed to Ars Technica on May 18 that it is aware an “additional set of data has just been released.” It’s working to invalidate any passwords on the list that might still be in use. Because of duplicates, etc., the real number is probably far less than 167 million, but it’s certainly much larger than 6.5 million.

Of course, LinkedIn can’t help you with any other online accounts where you might have used that LinkedIn password. And you probably forgot it anyway. Sadly, computers never forget these things. Even if you only signed up for LinkedIn once, back in 2012, and never used it again, the password you set at the time is now poisoned.

There is no need to panic. No doubt, whoever had this list had wrung all the value out of it before offering it for sale—probably many times over, and by multiple whoevers. If it were really a gold mine, it wouldn’t be for sale at $2,300. Most of the user/password combinations have, no doubt, already been tried at obvious places like Amazon and Bank of America.

Still, your job today is to think about all the critical sites you use—places where you keep your money (banks) and places where you spend money (Amazon, Expedia, etc.)—and make sure those passwords are clever and fresh.

Then let your mind wander to places where hackers might make bank by escalating through your personal, digital life: Hacking into your email account, for example, or even your Facebook account. Using your email, they could reset passwords at your bank. Using Facebook, they could trick friends into sending money, or just embarrass you.

Doing that kind of digital security inventory is a good exercise at any time. But the LinkedIn hack presents a great reminder.

“There needs to be a sense of heightened security every day when it comes to cyber attacks and thinking passwords could be stolen,” said John Peterson, Vice President of Enterprise Products at cybersecurity company Comodo. “Consumers, small businesses and large enterprises all need to understand that criminals have established, working organizations with paid hackers, spammers and phishing experts who think of ways to steal and leverage passwords, bank records, Social Security numbers, company trade secrets and data, and credit card and financial data every minute of every day.”

More stories related to online security:
LinkedIn is a powerful business tool—for hackers
10 lessons everyone should learn from Cardinals-Astros hack
Keep these resolutions to better avoid identity theft in 2016