Some things come to light only after the passage of time. The LinkedIn data breach is a good example. Initially thought to have only affected 6.5 million users, in 2016, new information came to light revealing that virtually all 170 million LinkedIn members’ account logins were stolen. The new information was disclosed when a hacker named “Peace” offered the stolen user accounts on the dark web for about $2,300 (5 bitcoins). They advertised the loot on the “Real Deal” forum. A copy of the data was obtained from the Russians by LeakedSource and they confirmed with a few users that the LinkedIn username and hashed (SHA1) passwords were correct, and from the initial 2012 LinkedIn data breach. Only 117 of the accounts found in the data had passwords, so the other uses must have connected via Facebook or another login. The hackers claimed to have unencrypted all of the passwords.
When Was the LinkedIn Data Breach?
The actual Linkedin breach took place in June of 2012. However, in May of 2016, news broke again of the data breach because the severity came into question, and the collection of data was found on sale on the dark web. LinkedIn has never confirmed the actual number of affected users, but cyber experts who have examined the stolen data say it is legitimate.
How to Check if Your Victim of LinkedIn Breach
LinkedIn reset all passwords for all affected accounts at the time. However, since the breach has since been thought to have affected all user accounts, you were probably included. You can contact support at LinkedIn if you have any questions about your specific user account at firstname.lastname@example.org.
LinkedIn Hacked? Here’s What to Do
Unfortunately, unless you connected to LinkedIn through a third-party login like Facebook, you were included in the data breach. The LinkedIn data breach included email addresses and passwords only. However, that is enough to get into your account. The first thing you need to do is change your LinkedIn password if you haven’t already.
Then set up two-factor authentication for your LinkedIn account to include a second layer of protection for your login. Additionally, watch out for phishing emails or scams that are designed to look like they came from LinkedIn but sound “off.” Additional steps to take are:
- If you used your LinkedIn password anywhere else, change it now to a complex new one.
- Regularly review your bank and credit card statements looking for fraud.
- Sign up for credit monitoring with a company like IDStrong.com so you can have peace of mind.
- Consider a credit freeze to keep anyone from opening accounts in your name.
Are There Any Lawsuits or Settlements for the LinkedIn Breach?
There was a $5 million class-action lawsuit, but the courts dismissed it in 2013 due to a lack of evidence that anyone suffered any injury due to the data breach. However, that was before the data was sold on the dark web.
f you were a paid Premium member, you were included in another $1.25 million class-action lawsuit and would have received damages as part of that. Each member was awarded a payout of up to $50.
Can My Information In LinkedIn Breach be Used for Identity Theft?
Yes, the information stolen can start the ball rolling for stealing your identity. All a scammer needs to begin is your email address. Then they can wage phishing or scam campaigns designed to fool you into providing the rest of the information they need. You may think you are dealing with your bank or some other reputable entity and happily log in or enter personal information; now, it’s in the hands of the hackers. You have to be on alert always to stay safe from identity theft.
How to Protect Yourself
It seems like every week we hear of another data breach somewhere. Although it may seem impossible to protect your information, there are things you can do to stay safe.
- Keep your computer and mobile devices updated with the latest software and security patches along with antivirus programs.
- Run deep scans often and watch out for malware.
- Be on alert for suspicious emails that ask you to verify your information or threaten that you may be locked out of your account. Those are phishing emails designed to trick you.
- Change all your online passwords frequently and use a complex combination of letters, numbers, and symbols.