CyberScout

Lessons from the LinkedIn Hack

The sheer idea of hacking into a network and stealing data is based on being stealthy. Hackers are really good at that.

The revelation last week that the password breach first reported by LinkedIn in 2012 was, in fact, much bigger than anyone thought proves the point.

I’m inclined to believe LinkedIn genuinely might not have originally known the full extent of the breach. Why would they admit to it and say they lost “only” 6 million passwords? The damage is the same whether they admit to 6 million, or, as we now know the true figure to be, 117 million lost passwords.

If I recall correctly, at the time, there were reports that some of the stolen LinkedIn passwords were as simple as 12345. I find that hard to believe, since LinkedIn does have password rules supposedly preventing the use of such simple numeric strings. Still, this goes to show that some people never learn.

LinkedIn is a business platform; it’s not Facebook. All LinkedIn users should be well aware of issues such as this, and know how to behave. Everyone should’ve changed their password by now. Anyone who still hasn’t changed their password should have their LinkedIn account locked and deleted.

What perplexes me is why the hackers would sit on this data for four years, and then try to sell it. Four years later, that information is likely stale. And again, if it isn’t, if someone hasn’t changed their password, they should have had their account locked.

I really have zero tolerance, zero mercy for such behavior. This is 2016, and we all know how easy it is to be hacked. We all need to adopt proper and secure behavior.

People, change your passwords, so that huge stolen database will be completely obsolete.

This article originally appeared on ThirdCertainty.com.