Old Breach Revisited: Cybercriminal Sells 117 Million LinkedIn Credentials

By Gary Davis on May 19, 2016

This week, a cybercriminal group going by the moniker “Peace” made headlines across the Internet. Peace didn’t do anything special. They didn’t release classified information. They didn’t break a bank. Instead, Peace did something so common it’s worrying: they offered to sell account information belonging to some 117 million users on the Dark Web.

In particular, Peace offered to sell login information belonging to 117 million LinkedIn users from a 2012 breach, according to Motherboard’s Lorenzo Franceschi-Bicchierai. That breach initially saw 6.5 million account credentials posted online. It now appears to be far larger than initially reported.

And, unlike some cybercriminal claims, this one appears to be the real deal. LinkedIn is currently investigating the incident, but security experts have been vouching for its legitimacy left and right.

What’s more, the leak has revealed that a lot of LinkedIn users’ passwords weren’t all that secure before being compromised. The most widely used password from the batch was—you guessed it—123456.

The long and short of it is this: If you haven’t changed your LinkedIn password since 2012, now’s the time. Here are a few tips to keep in mind:

  • Don’t use the same password in multiple places. The best way to minimize damage from a breach is to give each online account you have a unique password. There’s no getting around this. By using a variety of passwords, you limit how much a cybercriminal could potentially access should even one account be compromised.
  • Use a password manager. Keeping track of strong, unique passwords is difficult to do on your own. Keep track of all of them with a password management system that safely stores and retrieves encrypted passwords for you. There are a variety of these products out there, including True Key™ by McAfee, and they’re simple to use.
  • Enable multi-factor authentication. Many online services, including social platforms, give users the option of using a multi-factor authentication process. For example, you can be sent an SMS after logging in, to confirm you are who you say you are. Adding an extra layer of security goes a long way in protecting your accounts, making it difficult for criminals to break in.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...
