A 2012 LinkedIn breach, made public in 2016, exposed 164M accounts with weakly secured password hashes.
- Records exposed: 164,611,595 records
- Breach date: May 5, 2012
- Last update: May 21, 2016
What data was exposed?
Fields reported as compromised in this breach record.
Why does this breach matter?
In-depth analysis of the breach and its implications.
In May 2016, a significant data breach involving LinkedIn came to public attention. The breach itself occurred in May 2012, when approximately 164 million email addresses and password hashes were stolen. The compromised data remained undisclosed until 2016, when it surfaced for sale on dark web marketplaces. An analysis of the exposed passwords revealed they were hashed using the SHA-1 algorithm without salts, a practice that significantly reduced their security and allowed for efficient cracking by malicious actors.
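The storage weakness described above, shown next to a hardened form, as an added example that is not code from LinkedIn or from this breach record. The account list is constructed, and PBKDF2-HMAC-SHA256 with the iteration count shown is an assumed choice of slow, salted hashing for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not data from the breach).
ACCOUNTS = [
    ("alice@example.com", "linkedin2012"),
    ("bob@example.com", "linkedin2012"),  # same password as alice
    ("carol@example.com", "S3parate-Pass"),
]
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def sha1_unsalted(password):
    """Scheme described above: plain SHA-1, no salt, one fast hash call."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def kdf_hash(password, salt=None):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def kdf_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_hash(password, salt)[1], expected)

def shared_hash_groups(table):
    """Group accounts whose stored value is identical (same password visible)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables():
    weak = {user: sha1_unsalted(pw) for user, pw in ACCOUNTS}
    strong = {user: kdf_hash(pw) for user, pw in ACCOUNTS}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1 duplicates:", shared_hash_groups(weak))
    print("salted PBKDF2 duplicates: ", shared_hash_groups(strong))
```

In the unsalted table, accounts that share a password share a stored hash, so recovering one value recovers every account in the group; the salted table shows no such grouping.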
Impact Analysis
Understanding the scope and consequences of this breach.
- User Impact: Compromised credentials could result in account hijacking if reused across services.
- Business Impact: Damaged trust and reputational harm to LinkedIn, highlighting inadequate data protections.
- Affected Sectors: Information Technology, Social Networking
- Geographic Impact: Global
What You Should Do
Recommended actions to take in response to this breach.
If You Were Affected
- Change the LinkedIn account password immediately.
- Ensure the updated password is unique and strong.
- Monitor accounts for unusual activity.
- Enable two-factor authentication if not already enabled.
Preventive Measures
- Adopt strong, unique passwords across all services.
- Utilize a password manager to securely generate and store credentials.
- Stay aware of breach notifications and act accordingly.
- Encourage services to employ advanced hashing techniques and prompt breach disclosure.
Frequently Asked Questions
Common questions about this breach and what it means for you.