2012 LinkedIn Breach, 2016 Fallout
Login credentials for several million LinkedIn accounts were hacked and exposed on the internet back in 2012. In May 2016, over a hundred million email addresses and/or passwords were listed for sale on a hacker site. Experts believe that this information likely dates back to the original hack in 2012. After the 2012 breach was reported, LinkedIn implemented additional countermeasures such as “salting,” a method of adding random characters to each password before it is hashed and stored.
A list has been compiled of the most common passwords used by hacked accounts. Not surprisingly, the list includes some of the most common passwords used across the internet, offering us all a few important reminders.
- Use complex passwords with uppercase and lowercase letters, numbers and symbols if possible. Simple number patterns like 123456 or 111111, or lazy passwords like “linkedin” or “password” make up a large portion of the most common passwords in this breach and many others.
- Change passwords regularly, especially after a reported breach. After a breach at a site you frequent, change the primary passwords for your email account(s) as well.
- Do NOT use the same password or password pattern across multiple sites you frequent. When someone purchases your login info on the black market, they’re likely to give those login names and passwords a try at many of the most popular sites (think: Amazon, banks, email accounts, etc.).
- When offered, opt in for multi-factor authentication.
- Consider using a reputable password manager.
If you’d like a head start in researching whether your email address has been included in any of the most recent and high-profile data breaches, visit haveibeenpwned.com.
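To show why the salting mentioned above matters for the common passwords this article lists, here is an added example (not LinkedIn's code and not part of the original article) that stores the same passwords with and without a per-user salt. The choice of SHA-1 for the unsalted case, PBKDF2 for the salted case, the iteration count and the user names are all assumptions made for the demonstration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample data: passwords the article names as common.
COMMON = ["123456", "111111", "linkedin", "password"]
ITERATIONS = 100_000  # assumed work factor for this demo


def unsalted_hash(password: str) -> str:
    """Weak scheme: a fast hash with no salt (SHA-1 picked for illustration)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)


def lookup_hits(stored_hashes: dict[str, str]) -> dict[str, str]:
    """One precomputed table of common-password hashes matches every unsalted record."""
    table = {unsalted_hash(p): p for p in COMMON}
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def demo() -> dict:
    users = {"alice": "linkedin", "bob": "linkedin", "carol": "T7#qv!m2Lr"}  # constructed
    weak_db = {u: unsalted_hash(p) for u, p in users.items()}
    strong_db = {u: salted_hash(p) for u, p in users.items()}
    return {
        "recovered": lookup_hits(weak_db),                   # users exposed by the table
        "same_weak": weak_db["alice"] == weak_db["bob"],     # equal passwords, equal hashes
        "same_strong": strong_db["alice"][1] == strong_db["bob"][1],
        "login_ok": verify("linkedin", *strong_db["alice"]),
        "login_bad": verify("password", *strong_db["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Salting stops one table from matching every account, but a weak password can still be guessed one account at a time, which is why the advice above about complex, unique passwords still applies.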
Managing Director, Risk Consulting Practice Leader | Cybersecurity, IT GRC
These password recommendations will be vital as information security and cyber security concerns increase.