In 2012 LinkedIn was hacked by Russian cyber criminals, who extracted more than 164 million account details including usernames and passwords. Initially, there was only thought to be 6.5 million accounts compromised, that number has risen steadily to the now confirmed number of 164,611,595 million accounts.
Last week the stolen data was offered on the dark web for $2,200 (£1,500) in bitcoin, the buyer has now released it publicly in a massive data dump. Though the reasons are unclear as to why the data has not been released before now, it has now been made available to the general public.
Even though LinkedIn has now prompted users to change passwords created before 2012, there are some account holders that have not yet changed their passwords. Also there is still a risk to those who reuse their passwords.
Troy Hunt, a security researcher in Australia has made it possible to easily find out if your details are at risk. On Monday, Hunt added all of the LinkedIn data to his breach notification website ‘Have I Been Pwned?’, which also contains the data for the Adobe breach in 2012. Individuals can type in their e-mail address and if there is a match on the database then they will be informed of the risk and advised to change their passwords.
Keep in mind that it is not just the LinkedIn or Adobe accounts of the compromised users that could be at risk, but any other site or app in which they use the same password. It is best practice to choose passwords with a minimum of 8 characters (15 is recommended), lower and upper case with numbers and symbols. Each password should be single use, this may be seen as a significant challenge, but there are a number of password manager apps available to help keep track of multiple passwords.