Last week, LinkedIn made a surprising announcement: data from a security breach that occurred at the social networking company in 2012 just now became available online—four years after the fact! Luckily, the only data revealed were member email addresses, passwords, and LinkedIn member IDs. But that information is often enough to execute the kinds of “social engineering” scams so prevalent today.
Social engineering occurs when hackers scour the Internet for information pertinent to a company and its employees. Then, using email accounts that look suspiciously like those of key executives at the business (think [email protected] instead of [email protected]), those hackers will try to initiate financial transfers, direct users to click on illicit links, or urge employees to open and review an attachment that can install malware, ransomware, or other viruses on computers and networks.
In the case of this LinkedIn breach, hackers are taking over profiles to send direct messages and post stories that appear to be legitimate. Say you have 250 connections, many of whom know and trust you. If a hacker takes over your profile, and those 250 connections click on an infected link and cause harm to your computer, how do you think that will affect your reputation among your professional circle?
Luckily, the extent of the breach, which was revealed in 2012, is limited. LinkedIn acted fast to invalidate all the passwords for those accounts created prior to 2012 that had not reset their passwords. Anyone who created a profile AFTER 2012 is relatively secure thanks to LinkedIn’s more advanced password protection, which includes two-factor authentication. The company is also employing the kind of advanced and automated network security tools that IT companies like CMIT Solutions rely on every day to analyze Internet traffic and block suspicious activity.
What Else Can You Do to Prevent Your Data from Being Compromised by a Similar Kind of Breach?
1) Create strong passwords that are unique to different accounts. The first rule of good password management? Don’t use the same password for multiple sites, which can increase the risk of intrusion or compromise. The second rule? Don’t waste time trying to remember all those individual passwords. That’s where a strong password manager built for your business needs comes into play. Imagine how much time you’d save never resetting passwords (and losing track of them) again.
2) Never open ANY attachment or cli