LinkedIn is a business-oriented social networking service, founded on December 14, 2002, and launched on May 5, 2003. It is mainly used for professional networking, and it was recently discovered that data from more than 160 million LinkedIn accounts is on sale on the Deep Web.
Millions of LinkedIn users are receiving emails advising an immediate password change. What's the reason? A data leak that would have happened in July 2012 and that may have affected 167 million accounts.
LinkedIn acknowledges that its servers were hacked in 2012, resulting in a leak of passwords. At the time, the reaction was as expected: the accounts involved, an estimated 6.5 million, had to go through a password reset. In addition, the company issued notices advising other users to do the same as a precautionary measure.
This week, LinkedIn found that the problem did not end there: a member of a darknet called TheRealDeal put on sale a package giving access to the data of 117 million LinkedIn accounts obtained in the 2012 leak. The price set by the seller is 5 bitcoins (US $ 2.2 billion, approximately).
The number of accounts affected may be even higher. LeakedSource, a site that describes itself as a service that helps users find out whether their private information is available on the Internet, claims to have access to the data of 167,370,910 accounts.
According to LinkedIn, no other major invasion of the service has been recorded, so it is virtually certain that the data in these accounts was indeed obtained in the 2012 leak.
If the number of accounts is so large, why is the data only being made available now? One of those responsible for LeakedSource explained to Motherboard: “Probably the data was all the time under the control of a small Russian group. It is possible that access to the package has been well controlled to avoid fanfare, which would make many passwords be changed quickly.”
He also added: “From what is known, the passwords themselves were encrypted, but without the application of a ‘salt’, a key derivation technique that helps protect against certain types of attacks. Because of this, people with knowledge of the subject do not face any difficulty in identifying passwords.”
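To make the salt point concrete, here is an added example (not from the original article and not LinkedIn's code) that stores the same passwords once as unsalted digests and once as per-user salted PBKDF2 records. SHA-1 as the unsalted function, the sample accounts and the iteration count are assumptions chosen for illustration; the article does not name the algorithm.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users happen to share a password.
ACCOUNTS = {
    "alice": "linkedin2012",
    "bob": "correct horse battery",
    "carol": "linkedin2012",
}
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def unsalted_record(password: str) -> str:
    """Fast unsalted digest: the same password always yields the same value."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Per-user random salt fed into a deliberately slow key derivation."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)


def shared_values(records) -> int:
    """Count stored values that appear for more than one account."""
    return sum(1 for n in Counter(records).values() if n > 1)


def audit():
    """Build both stores from the same constructed accounts."""
    unsalted = {user: unsalted_record(pw) for user, pw in ACCOUNTS.items()}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = audit()
    print("unsalted values shared between accounts:", shared_values(unsalted.values()))
    print("salted values shared between accounts:  ", shared_values(k for _, k in salted.values()))
    print("login still verifies:", verify("linkedin2012", salted["alice"]))
```

In the unsalted store, one recovered value exposes every account that shares it and the whole dump can be checked against a single precomputed list; with a per-user salt, each record has to be worked on separately.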
Hence, LinkedIn had no choice: since Wednesday the 18th, users of the service have been receiving an e-mail asking them to change their passwords. As a further measure, the service is progressively invalidating passwords for all accounts created by 2012. The same is being done for accounts that have not been updated since that year.
As expected, LinkedIn has been questioned by security experts for failing to take more comprehensive measures back in 2012. According to Brad Taylor, CEO of the security company Proficio, a forensic analysis of the invasion could have given a clearer idea of the scope of the problem. The company defends itself by saying that it “strengthened the encryption of passwords and implemented the authentication option in two steps”.
But the damage is done, and what remains is to do everything possible to protect the accounts. The advice is to change your LinkedIn password as soon as possible, even if your account has not been notified.