{"id":36916,"date":"2016-05-30T15:05:35","date_gmt":"2016-05-30T09:35:35","guid":{"rendered":"http:\/\/localhost\/one\/?p=36916"},"modified":"2025-06-09T15:46:53","modified_gmt":"2025-06-09T10:16:53","slug":"linkedin-security-breach-data-privacy-password-hacking","status":"publish","type":"post","link":"https:\/\/www.bananaip.com\/intellepedia\/linkedin-security-breach-data-privacy-password-hacking\/","title":{"rendered":"Privacy: The LinkedIn Security Breach"},"content":{"rendered":"<p style=\"text-align: justify;\">LinkedIn, a business-oriented social networking site founded in 2002, has recently found its way into the headlines for the latest data breach committed by hackers on May 17, 2016. This wasn\u2019t the first time it had faced such a breach. On 5th June, 2012, a group of hackers managed to hack 6.5 million user accounts, and by the morning of June 6, passwords of such accounts were available online in plain text. This was followed by an apology by LinkedIn asking its users to immediately change their passwords. Company officials implemented a mandatory password reset for affected users. Internet security experts stated that the passwords were easy to unscramble because of LinkedIn&#8217;s failure to use a salt when hashing them, which is considered an insecure practice.<\/p>\n<p style=\"text-align: justify;\">The breach, which had affected around 6 million users, was just the tip of the iceberg. According to the latest news, the data that was hacked recently on May 17<sup>th<\/sup>, 2016, was advertised on a dark website named Real Deal by someone with the user name <em>peace_of_mind<\/em>. The listing offers the hacked data of 167 million accounts for five bitcoins, which at current exchange rates is worth about $2,200. 
After becoming aware of the data breach, LinkedIn sent out an email stating that they are taking immediate steps to invalidate the passwords of the affected accounts, and they will contact those members to reset their passwords. Further, LinkedIn invalidated the passwords at risk. They also advised users to visit their safety centre to ensure they have two-step verification enabled and to use strong passwords in order to keep their accounts as safe as possible. Surprisingly, LinkedIn\u2019s response to the most recent breach is to repeat the same procedure which it had adopted in the original breach, by once again forcing a password reset for only a subset of its users.<\/p>\n<p style=\"text-align: justify;\">This hacking has been attributed to the insufficient security measures undertaken by LinkedIn. The leaked source reveals that most of the passwords which were hacked were extremely common passwords. According to the leaked source, around 2.2 million of the 117 million passwords which were exposed were easily guessed passwords. The password selling site also claims that passwords were stored as SHA1 hashes with no salting, which is not what internet standards propose. However, LinkedIn claims that after the breach which took place in 2012, it has added salt to its password hashing function. The site further claims that only 117 million accounts have passwords, while it is suspected that the remaining users have registered using Facebook or similar social media portals. It is pertinent to note that if someone is a LinkedIn user and has not changed his LinkedIn password since 2012, then his password may not be protected with the added salting capabilities, making it vulnerable to the attack.<\/p>\n<p style=\"text-align: justify;\">Despite the steps being taken, LinkedIn users are still at potential risk. 
Hackers are reportedly selling the trove of stolen emails and passwords, and even if they no longer work with LinkedIn, the credentials can potentially be used to unlock other popular sites and online services due to password reuse. Users need to be made aware of recurring instances of password hacking. Sites like LinkedIn should pay more attention to enforcing stronger passwords and must emphasise stronger encryption. Ensuring security on the internet demands attention from both service providers and users. Users, too, should refrain from using the same password for multiple sites. They should also keep changing passwords at regular intervals to avoid unauthorised access to their passwords. The number of passwords which have been leaked makes it apparent that LinkedIn\u2019s current security approach needs a complete overhaul.<\/p>\n<p style=\"text-align: justify;\">Authored by: Sudha Sameeskhya Mohanty<\/p>\n<p style=\"text-align: justify;\">Sources <a href=\"http:\/\/www.eweek.com\/security\/microsoft-tightens-password-security-as-linkedin-breach-looms-large.html\" target=\"_blank\" rel=\"noopener\">1<\/a>, <a href=\"http:\/\/fortune.com\/2016\/05\/18\/linkedin-data-breach-email-password\/\" target=\"_blank\" rel=\"noopener\">2<\/a>, <a href=\"http:\/\/fortune.com\/2016\/05\/18\/linkedin-data-breach-email-password\/\" target=\"_blank\" rel=\"noopener\">3<\/a>, <a href=\"https:\/\/www.troyhunt.com\/observations-and-thoughts-on-the-linkedin-data-breach\/\" target=\"_blank\" rel=\"noopener\">4<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post analyses the LinkedIn security breaches of 2012 and 2016, highlighting critical gaps in password protection and user safety. 
It underscores the ongoing risks and the urgent need for improved security measures and user awareness.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":13,"footnotes":""},"categories":[95],"tags":[8270,5052,8272,8267,8268,8269,8271],"class_list":["post-36916","post","type-post","status-publish","format-standard","hentry","category-privacy-data-protection","tag-cyber-security","tag-data-breach","tag-indian-legal-analysis","tag-linkedin-security","tag-online-privacy","tag-password-protection","tag-user-account-safety"],"_links":{"self":[{"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/posts\/36916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/comments?post=36916"}],"version-history":[{"count":2,"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/posts\/36916\/revisions"}],"predecessor-version":[{"id":135145,"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/posts\/36916\/revisions\/135145"}],"wp:attachment":[{"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/media?parent=36916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/categories?post=36916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bananaip.com\/intellepedia\/wp-json\/wp\/v2\/tags?post=36916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}