C&M Software Blog LinkedIn Urges Users to Enable 2FA After Breach

On Wednesday, LinkedIn announced that a 2012 data breach containing email addresses and passwords was much worse than originally thought. In 2012, a hacker stole 6.5 million encrypted passwords from the site and posted them on a forum for sale. Now, four years later, an additional set of data has been released with more than 100 million LinkedIn members email and password combinations from the same theft. According to a source from Motherboard, the hacker is attempting to sell 117 million records for about $2,200 in bitcoin.LinkedIn has taken measures to improve the security of their site since the data breach including stronger encryption and two-factor authentication. LinkedIn's chief information security officer, Cory Scott, mentioned in a post addressing the incident that the company had required all accounts believed to be comprised to reset their passwords. In addition, Scott mentioned that LinkedIn began appending random data to passwords before they're encrypted making them less vulnerable, called "salting." This encryption feature was implemented after the 2012 incident.To make sure your LinkedIn account is protected, all users are urged to reset their passwords (whether you believe you may have been affected or not) and to enable the two-factor authentication (2FA) feature as a precaution. 2FA adds an extra layer of protection in addition to the traditional passwords most of us are used to.To enable 2FA on LinkedIn: Click Privacy & Settings (under your profile picture in the top right corner). Click the Privacy tab (located in-between Account and Communications).Scroll down to Security and click on Two-step verification.Turn on two-step verification. C&M Software is a leader in security and business intelligence solutions. To learn more about two-factor authentication, Contact Us.