Linkedin is asking its users to change passwords because a security flaw in the social network of professionals leaves them vulnerable 117 million users. Some even are selling other accounts. The worst is that the vulnerability was discovered four years already.
This security flaw is to leave Linkedin in trouble. The social network for professionals will be very difficult to explain why they did not act in time to overcome a problem that has been detected for the first time in 2012.
According to a post on the official blog of LinkedIn, the passwords that are now on sale have been collected in the 2012 attack but at the time the social network was limited to make an automatic reset to all vulnerable accounts and issue a warning.
But that was not enough, so now Linkedin will invalidate all authentication data in the accounts that are part of the list that is for sale and contact the users to change password. And if you have an account on LinkedIn, the best thing to do is choose a keyword phrase, much more secure than the usual keywords. And, you know, do not put their names or the family or birthdates. These are some of the worst passwords you can use.
In its official blog, LinkedIn said to have demanded that the availability of stolen data cease and it will “assess a potential legal action” if this request is not met. “However, we are using automated tools to try to identify and block any suspicious activity that may occur in affected accounts.”