• LinkedIn Breach: Worse Than Advertised
    28 replies, posted
[quote]A data breach notification site says that nearly 170 million credentials appear to have been compromised in the 2012 breach of social networking site LinkedIn, which is a far cry from the 6.5 million that initially came to light. In fact, the quantity of credentials suggests that attackers obtained virtually every LinkedIn username and hashed password. "LinkedIn.com was hacked in June 2012, and a copy of data for 167,370,910 accounts has been obtained by LeakedSource which contained emails only and passwords," according to a May 17 blog post from breach notification site Leaked Source, which charges a fee to subscribe. "Passwords were stored in SHA1 with no salting. ... Only 117 [million] accounts have passwords and we suspect the remaining users registered using Facebook" or some other service, Leaked Source says, noting that it purchased the credentials for 5 bitcoins - currently worth $2,300 - on the dark web forum "The Real Deal" from a seller using the handle "Peace." It also claims that it's now cracked nearly all of the hashed passwords. Leaked Source has shared 1 million of the passwords with Vice Motherboard, which reports that two of the users it contacted - after finding their details in the dump - confirmed that it correctly listed their 2012 LinkedIn passwords.[/quote] source: [url]http://www.databreachtoday.com/linkedin-breach-worse-than-advertised-a-9113[/url]
Well, glad I don't use LinkedIn.
Uhhhhhhhhh shit. Did I have linkedin at that time?
[IMG]http://i.imgur.com/vrdV4BC.png[/IMG] :goodjob: Real talk though, I've had my LinkedIn for a while. Is there anywhere I can check if I was breached?
Don't think I signed up for LinkedIn until last year. And I've changed my password since then. Shit sucks though.
No salting? Really? It's so easy to do that nowadays. Guess I'll never use this service until they make an announcement saying they're finally caught up.
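Added example, not part of the thread or of any poster's reply: what the quoted report's "SHA1 with no salting" means for stored passwords, next to a per-user random salt fed into a slow KDF. The sample accounts, the function names and the choice of PBKDF2-HMAC-SHA256 with this iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two of them share a password.
ACCOUNTS = {
    "alice@example.com": "linkedin2012",
    "bob@example.com": "linkedin2012",
    "carol@example.com": "correct horse battery staple",
}

def unsalted_sha1(password):
    """The scheme the quoted article describes: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, iterations=600_000):
    """Per-user random salt plus a slow KDF (assumed choice: PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_value_groups(stored_values):
    """Number of stored values that appear on more than one account."""
    counts = Counter(stored_values)
    return sum(1 for n in counts.values() if n > 1)

if __name__ == "__main__":
    unsalted = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    # Unsalted: equal passwords give equal hashes, so one recovered hash
    # exposes every account that chose the same password.
    print("unsalted shared groups:", shared_value_groups(unsalted.values()))
    # Salted: every record is unique, so each one has to be attacked on its own.
    print("salted shared groups:",
          shared_value_groups(rec[2] for rec in salted.values()))
    print("login check:", verify("linkedin2012", salted["alice@example.com"]))
```
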
[QUOTE=Protocol7;50345984][IMG]http://i.imgur.com/vrdV4BC.png[/IMG] :goodjob: Real talk though, I've had my LinkedIn for a while. Is there anywhere I can check if I was breached?[/QUOTE] OP says if you had it in 2012, you were breached with this specific breach. Did you have it in 2012?
[QUOTE=Protocol7;50345984][IMG]http://i.imgur.com/vrdV4BC.png[/IMG] :goodjob: Real talk though, I've had my LinkedIn for a while. Is there anywhere I can check if I was breached?[/QUOTE] Sometimes I wonder how effective blacklisting the recurring usual suspects would be for password security compared to those annoying password rules (at least one upper and one lower case letter, at least one number, etc). Maybe blacklist some obvious "Plan B" variants as well (654321 as a Plan B to 123456 for example).
I have no idea when I joined... [editline]18th May 2016[/editline] Oh, under Privacy and Settings. I only joined in 2015 so I'm good.
Fuck sake, I signed up in 2011. Guys, prepare for me to get compromised again.
Rechanged my PW anyways and don't reuse PW's so while it sucks, don't reuse passwords
really glad I use a unique password for it then, no worries as I didn't have much on there.
I made my LinkedIn profile since 2014, I'm safe for now.
Everyone reading this thread, take into account this happened back in 2012 and in that sense is old news.
LinkedIn is a terrible service. They say it's really important for your career but I feel like there isn't a human being who uses or works for LinkedIn who knows what good web design looks like
[QUOTE=proboardslol;50346668]LinkedIn is a terrible service. They say it's really important for your career but I feel like there isn't a human being who uses or works for LinkedIn who knows what good web design looks like[/QUOTE] Their web design is somewhat cluttered. But as a service it works fine. Does what it needs to do. I'm still regularly being scouted by fucking recruiters, which means the site is working but holy shit no I don't want to give up my current job right now, I don't hate everyone enough yet.
LinkedIn is great for networking in lots of different aspects. Just have to know how to use it.
[QUOTE=proboardslol;50346668]LinkedIn is a terrible service. They say it's really important for your career but I feel like there isn't a human being who uses or works for LinkedIn who knows what good web design looks like[/QUOTE] Web design isn't the point of the site, it's for networking and getting jobs. It's much easier to have people find you for jobs with a LinkedIn than without one.
[QUOTE=agentfazexx;50346038]OP says if you had it in 2012, you were breached with this specific breach. Did you have it in 2012?[/QUOTE] Member since June 27, 2011. Well, shit. At least I've changed passwords a few times.
[QUOTE=proboardslol;50346668]LinkedIn is a terrible service. They say it's really important for your career but I feel like there isn't a human being who uses or works for LinkedIn who knows what good web design looks like[/QUOTE] Been in IT for 10 years, next year and I'm at just under 100k at 29 years old. I don't use LinkedIn. It's not "essential" or "important" for your career at all. This is why we have Dice, Monster, Indeed, Career Builder, etc etc. [editline]18th May 2016[/editline] [QUOTE=Protocol7;50346784]Member since June 27, 2011. Well, shit. At least I've changed passwords a few times.[/QUOTE] You should be changing all passwords every 90 days at maximum.
[QUOTE=agentfazexx;50347066]Been in IT for 10 years, next year and I'm at just under 100k at 29 years old. I don't use LinkedIn. It's not "essential" or "important" for your career at all. This is why we have Dice, Monster, Indeed, Career Builder, etc etc. [editline]18th May 2016[/editline] You should be changing all passwords every 90 days at maximum.[/QUOTE] That's a bit overkill.
[QUOTE=agentfazexx;50347066]Been in IT for 10 years, next year and I'm at just under 100k at 29 years old. I don't use LinkedIn. It's not "essential" or "important" for your career at all. This is why we have Dice, Monster, Indeed, Career Builder, etc etc. [/QUOTE] LinkedIn is still one of the larger networking sites out there and being the biggest gets you more exposure, I've been in IT for 6 and making now around 92ish (not including bonuses) and I will credit LinkedIn to some of it. The ones you listed are great but there are also a lot of benefits to liking your vendor's page, auto notifications, and various other things about LinkedIn that make it stand out a bit more; not to say Dice and Indeed aren't good. However, having maximum exposure and networking with a large community in one place is useful.
Ah. It's probably this and not Nexus that resulted in someone trying to access some of my accounts then, if nearly all of the hashed passwords have been cracked. Fuck you Nexus [I]and[/I] LinkedIn. [editline]18th May 2016[/editline] I'm glad we live in an age where 2-factor authentication and locking accounts immediately after suspicious activity is detected are becoming commonplace.
Deleted account, I never use it anyway.
[QUOTE=agentfazexx;50347066] You should be changing all passwords every 90 days at maximum.[/QUOTE] Takes longer than that for many people to get the password memorized.
[QUOTE=Swebonny;50346568]Fuck sake, I signed up in 2011. Guys, prepare for me to get compromised again.[/QUOTE] Postal, ban this sick filth.
I've got a linkedin account. Only since late last year though. I haven't even added a profile picture to it. It's crap, it's mostly armchair psychologist marketing theories posted by people who own think they're more important than they really are.
[QUOTE=TestECull;50348398]Takes longer than that for many people to get the password memorized.[/QUOTE] 90 days is actually a requirement for PCI compliant businesses and probably several other compliance standards as well.