
Hackers would like to join your LinkedIn network – and you’d probably accept them

 


Is that LinkedIn contact really who they say they are?

Research demonstrates how a willingness to connect to strangers on LinkedIn might be putting your company at risk.

For many, LinkedIn is a handy way of keeping up with old colleagues and maybe even finding a new job — and many think that the bigger their network of contacts, the better.

So if a contact request comes in from a recruiter, even one they had never heard of before, many might think there would be little harm in accepting.

But what if that wasn’t a recruiter, but rather a hacker using a fake profile in order to gain access to you, your contact details, and the rest of your network? By connecting, you’ve potentially put yourself and your company at risk of being hacked, breached, or otherwise targeted by cybercriminals.

Certainly people are often more than willing to accept a request from a complete stranger to join their network on LinkedIn.

In fact, according to a survey of 2,000 people by cybersecurity researchers at Intel Security, nearly one quarter (24 percent) say they’ve connected to someone they don’t know on LinkedIn, thus potentially allowing hackers access to a wealth of information which could be used for spear-phishing, malware drops, and other nefarious means.

“We’re opening ourselves up to the world without any real consideration with regards to who we’re allowing on our network,” said Raj Samani, CTO of EMEA for Intel Security.

Once provided with access to a person’s network, malicious actors are able to gather data and research potential targets for attacks, and may eventually even connect with senior executives and CEOs.

If a hacker successfully gains access to the contact details of an executive, they could potentially use the trust associated with someone in a senior position to carry out fraud and other criminal activities.

Hacker puts up 167 Million LinkedIn Passwords for Sale


LinkedIn’s 2012 data breach was much worse than anybody first thought.

In 2012, LinkedIn suffered a massive data breach in which the login details of more than 6 Million user accounts, including hashed passwords, were posted online by a Russian hacker.

Now, it turns out that it was not just 6 Million users who got their login details stolen.

Recent reports indicate that the 2012 LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users.

Almost 4 years later, a hacker under the nickname “Peace” is offering for sale what he/she claims to be the database of 167 Million emails and hashed passwords, which included 117 Million already cracked passwords, belonging to LinkedIn users.

The hacker, who is selling the stolen data on the illegal Dark Web marketplace “The Real Deal” for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming these logins come from the 2012 data breach.

Because the passwords were originally hashed with the SHA1 algorithm, with “no salt,” it took LeakedSource, the paid search engine for hacked data, just 72 hours to crack roughly 90% of the passwords.

Troy Hunt, an independent researcher who operates the “Have I Been Pwned?” site, reached out to a number of the victims, who confirmed to Hunt that the leaked credentials were legitimate.

The whole incident proved that LinkedIn stored your passwords in an insecure way and that the company did not make it known exactly how widespread the data breach was at the time.

In response to this incident, a LinkedIn spokesperson said that the company is investigating the matter.

In 2015, LinkedIn also agreed to settle a class-action lawsuit over the 2012 security breach by paying a total of $1.25 million to victims in the U.S., which means $50 to each of them.

According to the lawsuit, the company violated its privacy policy and an agreement with premium subscribers that promised it would keep their personal information safe.

However, new reports now suggest that a total of 167 Million LinkedIn accounts were breached, instead of just 6 million.

Assuming at least 30% of hacked LinkedIn accounts belong to Americans, the company has to pay more than $15 Million.

Meanwhile, I recommend that you change your passwords (and choose a longer and stronger one this time) and enable two-factor authentication for your LinkedIn accounts as soon as possible. Also, do the same for other online accounts if you are using the same passwords on multiple sites.

Do you see a pattern here? Social media is getting hit hard, so, as I said above and many times before, change your passwords frequently and make them stronger!!!