2012 LinkedIn Breach Much More Extensive than Reported
May 23, 2016
Late last week, business-oriented social network LinkedIn began notifying users that the 2012 data breach originally reported as having affected 6.5 million accounts now may have exposed the login credentials of more than 100 million LinkedIn account holders. The company acknowledged in a blog post that “an additional set of data” had been released from the four year-old network intrusion and it was taking steps to mitigate the risk to its users.
“We have begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach,” wrote LinkedIn’s Chief Information Security Officer Cory Scott. “We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.”
Because most people use the same passwords for multiple online accounts, username and password combinations have become increasingly valuable to hackers. With one stolen password and email address, fraudsters are able to access multiple online accounts. Consequently, account takeover and account creation fraud have experienced a boom over the past two years . The subject will be examined tomorrow morning in a panel discussion devoted entirely to the topic at the CNP Expo in Orlando, Fla.