Posted and Relevant May 26, 2016
Back in 2012, LinkedIn reported a breach whereby a hacker stole account login information. It was pretty big news at the time, but nothing compared to this week when LinkedIn announced that the data breach was much worse than initially believed. In fact, instead of the originally reported 6.5 million members who had their personal information stolen, it is now estimated that more than 117 million accounts were compromised.
Why Should You Care?
Think back four years ago. If you were like many, you used the same username and password for multiple accounts. Meaning, your LinkedIn login information may have been the same login that you used for your bank account. Or your email account. Or your Facebook account. Maybe your password is still the same.
What Should You Do?
There are a few steps you might want to consider:
- See if your email address has been stolen, or is now being pawned on the Internet black market. You can run a self-test at Have I Been Pwned (haveibeenpwned.com).
- If your email does show up, change your LinkedIn password immediately. Even if your email address does not show up, it’s probably a good idea to change your password. Use at least 15 characters, with a mix of uppercase and lowercase letters, numbers, and special characters like %, &, #, etc. Here are instructions for changing your LinkedIn password.
- If you use your current LinkedIn password on other accounts, immediately change the password on those accounts as well.
- Take advantage of LinkedIn’s Two-Step authentication. With Two-Step, when you log in to LinkedIn from a new device, LinkedIn will send you a code that you must enter before you can access your account. This ensures no one but you can modify your profile and login information. Here are instructions for setting up Two-Step.
- Consider using a Password Manager, which is a service whereby you create and remember one master password. Your Password Manager will then automatically create virtually un-hackable passwords for all of your accounts, and using your master password, automatically log you in when you visit a protected site. The two best Password Managers are Dashlane and LastPass.
- If your LinkedIn account was breached, and/or your email address is showing up in the first step above, consider purchasing an ID Theft Monitoring service. My good friend and colleague, John Sileo, has a great blog post and video where he shares what to look for when considering different products.
Finally, remember that the breach happened four years ago; the new information is just that it was larger than originally thought. Since that time LinkedIn has dramatically improved its security, and they take great care to protect member information. That said, it’s always a good idea to change your passwords on a regular basis.
Hopefully you were not one of the impacted LinkedIn members, or you’ve already changed your LinkedIn login information during the past couple of years. Regardless, take this breach seriously and consider implementing the steps above to keep your important information private and out of the hands of people who could damage your reputation or worse, your bank account.