Not two weeks ago, LinkedIn made big data breach news when hackers claimed to have more than 100 million usernames and passwords up for sale.
Fortunately, the data wasn’t new, coming from a breach that happened four years ago.
What was new was the size of the list that was up for sale, nearly 20 times the size of the 6.5 million passwords that were reported to have been stolen back in June 2012.
The LinkedIn breach was made worse by the way the passwords were stored, using unsalted SHA-1 hashes.
What that means is that although LinkedIn didn’t keep your actual password, it didn’t do enough to secure it against a breach.
View the full article