I've Been Pwned! Now What?

By Michael Lines on September, 20 2016

Get latest articles directly in your inbox, stay up to date

Back to main Blog
Michael Lines


Pwnd.jpg

 

In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site four years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

 

If you had signed up your email addresses with haveibeenpwned.com, it is likely you would have just been notified of the fact that your email address and password were exposed in this breach. 

 

Now what?

  • First, change your LinkedIn password to a unique and strong password.
  • Second, if you have not installed a password manager such as 1Password or LastPass, now would be a good time. Password managers allow you to easily generate, manage, and use hundreds of unique and strong passwords, something that would be impossible if you were memorizing them. Memorizing passwords usually leads to the bad situation of people reusing them across multiple sites, which then leads to the equally bad situation of having your credentials compromised on one site, which leads to their compromise on other sites by default. 
  • Third, make use of second factor authentication mechanisms if they are available. LinkedIn, for example, offers two factor authentication where you'll be asked to provide a cell phone number that will be used to send you verification codes each time you sign in to LinkedIn from a device they don't recognize. Gmail, Apple, and others offer similar controls and it is advisable to make use of them. 
  • Finally, sign up for haveibeenpwned.com with the email addresses you use on the web. This site provides a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. If a new breach does occur in the future, you will be notified to change your passwords on the impacted site. 

 

This piece was originally posted on LinkedIn Pulse and is reposted here with the permission of Michael Lines.

 

Submit a Comment

Get latest articles directly in your inbox, stay up to date