![]() ![]() If you have questions about your personal account, please contact us here. ![]() We will soon be sending more information to all members that could have been affected, even if they’ve updated their password. These were accounts that had not reset their passwords since the 2012 breach. We’ve finished our process of invalidating all passwords we believed were at risk. We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts. Feel free to reset your password by following the directions here. However, regularly changing your password is always a good idea and you don’t have to wait for the notification. We will be letting individual members know if they need to reset their password. We have begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach. We're moving swiftly to address the release of additional data from a 2012 breach, specifically: ![]() We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We take the safety and security of our members' accounts seriously. We have no indication that this is as a result of a new security breach. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Instead, it pays to be aware that this information is readily available, and to always validate any suspicious email requests like changes in payment information using a phone call to a familiar voice.In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members' passwords. "For many of us, LinkedIn is a necessary tool for promoting both ourselves and our employers – one that can't be ignored. "For some, it may be possible to simply not have a profile to limit their exposure – but this is an increasingly untenable position," added Clymber. In other words, due diligence is always recommended on all social media platforms, including LinkedIn. "Social media fills that instant gratification void and the humanistic need to be 'liked.' We all need to be wiser at knowing that we don't need to give an opinion on everything in the world nor to provide the online world sensitive details of our personal lives and those close to us." "Recent FBI warnings of incidents of thieves befriending people on the app and then baiting or even goading these unsuspecting users into crypto currency scams and other types of scams provide horrific examples of what can happen if one isn't careful," explained Garrubba. "All social platforms have the potential to be exploited by nefarious people and LinkedIn is certainly no exception," said Tom Garrubba, director of TPRM (Third Party Risk Management) professional services with Echelon Risk + Cyber. This is really no different from over-sharing on Facebook or Instagram of course. "Detailed resumes also provide valuable information that can be used in social engineering campaigns." "Personally Identifiable Information (PII) is a common component of a resume, and this is publicly exposed in a LinkedIn post," said Marsden. LinkedIn encourages the sharing or resumes for job seekers, but this can expose sensitive information about the user. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |