You must have received a message from LinkedIn already by now asking you to reset your password; “We’ve recently noticed a potential risk to your LinkedIn account coming from outside LinkedIn. Just to be safe, you’ll need to reset your password the next time you log in.”
This is because login details of millions of LinkedIn users are in possession of a hacker who intends to put them out for sale to anyone who is interested in buying them. According to a report, the hacker, who claims to have stolen 117 million emails and passwords of LinkedIn users, goes by the name “Peace” (I think he had a settled agreement in mind before using that name), intends to sell the passwords on the darkweb for 5 bitcoins ($2,200).
Although the hacker claims to have access to users personal data, LinkedIn still emphasizes that there is no indication of of any data breach, the company also said that it’s working to determine how many of the passwords in question are still being used and is in the process of resetting them and notifying the users in question.
This originated back in 2012 when LinkedIn’s network was hacked, about 6.5 million encrypted passwords were stolen and posted onto a Russian hacker forum. Passwords were easily cracked because they were stored as unsalted SHA-1 hashes. The new hacked accounts comes from another data set from the previous hack.
Here’s what LinkedIn’s chief security officer Cory Scott said regarding the issue;
“In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorised disclosure.”
Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012.”
He also added that the company is now taking immediate actions to secure the accounts that are affected:
We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords
“We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.”
To be safe it is best to reset your password the next time you log in, also it is advisable to change this password if it is used to log into any other account on the web other than LinkedIn. Follow these steps as directed by LinkedIn;
- Go to LinkedIn website
- Next to the password field, click the “Forgot your password” link and enter your email address
- you’ll get an email from LinkedIn asking you to click a link that will help you reset your password.
- Once you’ve reset your password, a confirmation email will be sent to the confirmed email address on your account.
Please note, if you receive a message from LinkedIn informing you of a potential risk, then it is likely that you are affected, try to reset your password as fast as possible.
LinkedIn is a business-oriented social networking service. Founded in December 14, 2002 and launched on May 5, 2003, it is mainly used for professional networking. As of 2015, most of the site’s revenue came from selling access to information about its users to recruiters and sales professionals.
The company was founded by Reid Hoffman and founding team members from PayPal and Socialnet.com (Allen Blue, Eric Ly, Jean-Luc Vaillant, Lee Hower, Konstantin Guericke, Stephen Beitzel, David Eves, Ian McNish, Yan Pujante).
In cryptography, a salt is random data that is used as an additional input to a one-way function that “hashes” a password or passphrase. The primary function of salts is to defend against dictionary attacks (a technique for defeating authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.)..