Showing posts with label cyberhacks. Show all posts

Tuesday, May 31, 2016

LinkedIn Warns Members of Data Breach Fallout Four Years After the Fact


Um, what?

Seriously. This is no joke. LinkedIn sent out a note from their legal department and it is as real as the words on this page. You can even read it on the LinkedIn site.


On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.

Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.

We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities.

LinkedIn has taken significant steps to strengthen account security since 2012. For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification.

We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.


This is Hacker 101. Hack website, steal information, sell on the dark web. This would have been a no-brainer in 2012. It's almost laughable that it took LinkedIn this long to figure it out.

The bottom line is, you really need to change your passwords often on the sites you use the most, a minimum of every six months. I know I've changed mine several times over since this breach happened, and most definitely when we were alerted to the Heartbleed bug. You need to take care of your own security.  

Seriously, if I were LinkedIn's brain trust, I'd be firing the ass of its security and legal teams. In 2016, if you have a business where you access a computer or mobile device, you are negligent and should lose your business license if you are putting everyone in your network at risk by keeping a security breach secret and not upgrading your IT.

Thursday, December 10, 2015

Hacking Is Life



It's happened to everyone at some point on the web. Even to those seasoned and technically-savvy veterans of the Internet.

It is guaranteed to happen to those who surf the Net without a parachute and in complete and total ignorance.

You've been hacked.

There's a good chance everyone who has ever owned a Twitter or Facebook account has been hacked at some point. How? When you don't pay attention to what you are clicking. Some of those too-good-to-be-true or sexy salacious stories come with a hacksaw. You usually know when one of your buddies tells you they've just received some weird message from your account.

How do you get out of a social hack? Change your password. Log out. Log back in with the new password. Use a complicated password, like: iReallywantTogoto1henew5tarwarsMovi7 or something half that long.

You really do need a unique password for every account. Don't use the same one across the board or something simple, like benandsandy if those are your kids' names.

Even if your computer is Fort Knoxed, you can still get hacked. Your information is as secure as the IT from the companies you deal with. If Amazon decides to save money on IT and put it into a new launch instead, unless they have a blackhacker on staff, all their information is put at risk if their IT is not as tip top as they can pay for.

Need an example, besides Sony (which isn't just about movies but also your Playstation)? Here are some biggies:

Netflix
Go Daddy, Dropbox, Nissan, Mastercard, Visa, Reuters... in 2012
Facebook, Microsoft, NBC, Twitter... in 2013
Target, Michaels, AT&T, US and Canadian governments, Home Depot, Apple iCloud... in 2014
Anthem, IRS, JP Morgan Chase, British Airways... most recent

There is no getting around it. The Dark Web, where all of this information gets sold as hackers make money on your behalf, is bigger than the Internet you are currently using.

You can't hide. Even if you decide to put a moratorium on Internet travel, you can't control what other companies do when you shop in person, or how secure your cable company's records are. You can only use best practices and be diligent: strong and unique passwords (so what if you have to write them down in a book), don't do banking from a public wifi (coffee shops, airports), make sure your computer is fully upgraded and not too old for upgrades (I don't use my Windows XP laptop online anymore), have a really good and fully updated antivirus program.

Monday, March 2, 2015

Stop Being Dumb About IT


Target, Home Depot, Sony, and many more have something in common. Someone inside their networks, either internally or via a third-party supplier, opened the door to give free rein to hackers.

Of course, anyone who unsuspectingly clicks a malicious link hasn't deliberately put their company at risk. It also does the boss no good if he or she singles out and punishes the employee.

What will lessen the chance of this happening is if your company actually invests money into its IT, rather than just paying lip service with an anti-virus here and a firewall there. That may be okay for one computer, but if you have more than one synced to a server, installing more than one level of security will make it more difficult for the bad guys to sneak in.

The other thing you can do is train your staff to be more diligent about what might be construed as a phishing link, whether it is in their social media feeds, email, or from an online search for information. They should also be trained on the art of making up a password. If you have to tattoo it to your elbow to remember, so be it, but the simpler and more obvious the password, the wider the door has been left open.

Alex Holden sniffed down a group of Russian hackers who infiltrated 420,000 websites, stole the credentials, and used them for their spam campaign. In an interview with Mitch Jackson on Human.Social, he lists steps you must take if you think you've been hacked.

1. Assess the situation. What was taken? How was it taken? Was there more than one entry point?
2. Preserve the evidence.
3. Get the right people to advise you.
4. The process of recovery is a delicate one and cannot be rushed.

Here is the entire interview.

 

Monday, December 15, 2014

‘It’s F–king Stolen’


Yes, Sony was hacked and it was bad. Do you want to know what is worse? The media publishing the material they received as a result of the hack.

Just because it is Hollywood and too good to pass up on learning the dirty little secrets behind closed doors, somehow it is okay for even the most trusted news sources to publish private emails and material for all to see because it involves A-list public figures.

Target and Home Depot were hacked, too. Did the media publish the social insurance numbers and internal communications from those executives? Will they do it if a bank or insurance company gets hacked? 

Seth Rogen is right. It stinks, and with regard to the material being published: "It's F--king Stolen."

This is no different than publishing the hacked photos from the private files (that were not publicly shared by the subjects) of Jennifer Lawrence and other celebrities. It's slimy and if hacking is a crime, perhaps publishing hacked material is also a crime. 

Saturday, December 13, 2014

Sony Takes A Bit of Heat Over Its Hacking Scandal

It hasn't been a good week for Sony Pictures Entertainment, especially for its upper management. Due to a serious hack, which may have been done months ago, intellectual property details and embarrassing emails have been leaked publicly.

Media outlets could be criticized for piling on and furthering the impact of the hack by publishing some of the more salacious details. If the hack didn't involve A-list entertainment, and instead the Coca-Cola or Chevron hierarchy, would the intimate details be released? Maybe. Maybe not.

Here are some of the numerous story links about the hack that have flooded my inbox:



Thursday, December 4, 2014

Cybersecurity Is A Start Against Business Cyberbullying

Project Blitzkrieg
When is the last time you updated Windows, Mac, your software, antivirus, checked your firewall, did a Disk Cleanup, or cleaned out your Internet history? At the bare minimum, these are your basic tasks for securing your system.

Leaving all of these items unchecked means your computer is at risk from outside hackers, your performance will suffer, and your laptop and desktop may ultimately shut down when it collects too much cache.

If you are still running on Windows XP (which Microsoft no longer updates as of early this year), you have now put your entire network at risk. Merry Christmas, you just invited hackers into your company and clients' computer systems.

If your company has not updated its computers, system, or security since they were purchased in 2010, you have just put all your suppliers and their suppliers at risk.

You can no longer afford to drive the Internet without up-to-date insurance. If you do, it's like leaving the doors to your house and your car wide open as you head out for a Hawaii vacation. Your not understanding technology isn't an excuse. Find or hire someone who does.

The stakes are high. We've seen many examples of late, including Target, Winners/TJ Maxx, and Home Depot. They put all their customers at risk for identity fraud and financial hacks.

In the back of our minds, we might expect that something could happen with retailers whose investment in computer systems is so far down the list of priorities that it may not exist. Where we are surprised is when it happens to a digitally savvy firm, one that produces digital content and the products we view that content on. This is why the Sony attack is huge. If it can happen to that organization, it can happen to any of us.