CEOs, top execs, and everyone else on LinkedIn: Your login credentials are being bought and sold on the dark web, so it's time to change your passwords!
The 2012 breach of social networking site LinkedIn, has come back to haunt us. That breach resulted in 6.5 million members' credentials being stolen. Articles published in the last day report that the number was way short of reality - it's actually more than 167 million email and password combinations - or nearly all the members of LinkedIn.
The best thing you can do now is to change your password. If you created your account more than 4 years ago and never changed your password, you won't have a choice. LinkedIn CISO Cory Scott wrote in the official blog yesterday evening,
We have begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach. We will be letting individual members know if they need to reset their password.
Changing your password regularly is a good practice, and this time it is imperative. The stolen information is allegedly for sale on the dark web. The creator of the "Have I Been Pwned?" service, Troy Hunt, tweeted,
I'm seeing claims of a 167M record LinkedIn data breach and it's presently being sold for 5 BTC on a dark web trading site. Anyone verified?— Troy Hunt (@troyhunt) May 18, 2016
The online publication Motherboard reports that a hacker calling himself "Peace" is selling 117 million sets of login credentials on the illegal marketplace The Real Deal for 5 bitcoin, which is valued roughly at $2,200. The difference in the amount stolen and for sale is probably due to LinkedIn members who registered via Facebook.
LeakedSource lists the most popular passwords among LinkedIn users, and it's hardly a surprise.
You've seen the rules before: Use long, strong passwords that mix letters, numbers, special characters, and capital letters. And by all means, avoid using the same password on different accounts. Once a hacker has one set of credentials, he can use them to break into your other accounts.
We know it's difficult to remember all those passwords and nearly impossible to change them regularly. That's why we made Avast Passwords. Read more about it in, How to create strong, unique passwords for all your accounts (and remember them!)
Avast Passwords manager is free to all Avast 2016 users who use Free Antivirus, Pro Antivirus, Internet Security, and Premier. Avast Passwords helps you manage passwords across all your devices and all you need to remember is one main password.
Clarifying what happened and outlining our next steps in protecting CCleaner customers
The breach has been stopped, but whether or not you’ve been compromised, there are critical next steps to take.