It is also an example of the importance of continual evaluation and action by any company whose passwords have been compromised. It’s a reminder that the size of a data breach is seldom known immediately, and that the ramifications for a company-just in terms of account security-can linger for years. New York CNN Business Information scraped from around 500 million LinkedIn user profiles is part of a database posted for sale on a website popular with hackers, the company confirmed. This latest resurfacing of an older breach should serve both as reminder and example. In thinking about theft-of-password situations, it is important to remember that they are theft, and that law enforcement agencies like the FBI can be brought in to assist in investigating theft of electronic assets, which includes users’ passwords.
#LINKEDIN DATA BREACH 2016 PASSWORD#
Specifically, salting is primarily used to defend against dictionary attacks, in which a cybercriminal tries to determine a decryption key by trying multiple passwords that are more likely to succeed (e.g., list of words from a dictionary).Īfter the 2012 attack, LinkedIn worked with the FBI to investigate the password theft. In his blog post, Cory Scott noted that LinkedIn has been “salting” or appending random data to passwords before they are encrypted to make them less decryptable/breakable for several years (probably since the 2012 theft). Originally, LinkedIn suspected that 6.5 million encrypted passwords were stolen, but it now seems that number may have been as high as 160 million e-mail and password combinations. The notices included the following instructions (received on May 19): In response to the breach, LinkedIn invalidated passwords for accounts created prior to the 2012 breach whose owners had not updated their passwords since the 2012 breach, and they also began letting individual members know if they needed to reset their passwords.
We have no indication that this is as a result of a new security breach.
We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. This recent release is related to a 2012 unauthorized access and disclosure of LinkedIn members’ passwords: Of those passwords, 1.5 million appeared to have been. Last week on the official LinkedIn blog, the company’s chief information security officer, Cory Scott, reported the company had become aware of an additional set of data that has just been released consisting of e-mail and hashed password combinations of more than 100 million LinkedIn members. The LinkedIn breach came to light after a hacker posted 8 million hashed passwords to an underground forum, seeking help in cracking them. A 2012 data breach that was thought to have exposed 6.5 million hashed passwords for LinkedIn users instead likely impacted more than 117 million accounts, the company.
0 kommentar(er)
