Account Takeovers Follow LinkedIn Data Breach, 2012 & 2016

On June 6th, 2012, LinkedIn responded to a seemingly harmless data breach that had occurred the day before. It appeared as though Russian hackers had stolen over 6 million encrypted passwords. That sounds like bad news until you learn that they didn’t appear to have stolen the corresponding email addresses.

Nonetheless, LinkedIn informed its affected users. Their passwords were automatically voided, and LinkedIn sent out password reset instructions. No biggie.

But it would take four years for the full truth of the matter to reveal itself. The hack on June 5th, 2012 was far bigger than anyone had anticipated.

In May 2016, a list of 167 million email accounts and LinkedIn passwords appeared for sale on the dark web for a mere $2.200 (5 Bitcoins).

But why the four-year wait?

We're unlikely to ever know 100% why it took so long for the hacker to make the data available online. All we can do is speculate. But as Troy Hunt (web security expert and founder of HaveIBeenPwned) pointed out in a blog about the incident, it’s not particularly unusual for hackers to sit on data for years. In fact, it’s near certain that many more companies have been hacked and are yet to know anything about it.

In the immediate aftermath of the LinkedIn data leak discovery, several prominent figures found themselves subject to account takeovers. Hacker group, OurMine, sent Tweets from the accounts of Twitter co-founder Biz Stone, Minecraft creator Markus Persson, pop star David Choi, and actor Sawyer Hartman. All 4 were on LinkedIn. Stone clarified that the hackers hadn’t posted directly from his Twitter account, but had instead taken over "another service that had posting access to his Twitter account."

Hackers begin by targeting highly visible people in the dataset. They have a limited time in which to take over accounts before people learn of the data breach and change their passwords. It makes sense for hackers to maximise their impact by first taking over the accounts of prominent individuals.

As well as these strange account takeover incidents, it’s also likely that hackers used the breached data in phishing scams.

What made this data breach controversial is the fact that the passwords stolen in 2012 were poorly encrypted by LinkedIn. It would take a matter of hours for hackers to unscramble the passwords and get to work. It brought to light how vulnerable we are when we put our data into the hands of any online company, even one that is highly used and respected.

Ultimately, as individuals, we need to ensure that we are doing all we can to protect our personal and business data online.