My, oh my, how the past can haunt us, and this is especially true for the professional networking site LinkedIn. In 2012, cyber-criminals breached the site due to LinkedIn’s poor security policy. At that time, LinkedIn was not encrypting customer passwords, making it easy for hackers to decode them. Fast forward to 2016: these same login credentials (all 117 million of them) were posted on the dark web for $2,200 (in Bitcoin, naturally), according to Motherboard, a tech website managed by Vice. As a result, LinkedIn’s CISO wrote on the company blog, “We have begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach. We will be letting individual members know if they need to reset their password.”
I wanted to point out something important that I believe this event highlights. While many LinkedIn users believe they are in the clear once they change their password, what is to say a user’s LinkedIn password is not the same as their email, Instagram, Snapchat, Facebook, Amazon, and bank account passwords? Not only is it important to change our passwords, but it is equally important to make them difficult for someone to guess. In this world of “linkability”, it is critical to keep ourselves free from the chains of identity theft!