National Cyber Security Centre
Guidance on the historic LinkedIn incident (2012)
NCSC guidance following the renewed press interest in the historic hack of LinkedIn
We are aware that there is renewed press interest in the historic hack of LinkedIn. This is not a recent attack: it took place in 2012 and does not constitute a strategic threat to national security. Users were advised at the time by LinkedIn to change the passwords to their accounts and any other accounts that used the same password. The same advice was issued in 2016 when compromised LinkedIn credentials were found being sold by criminal groups.
- If you have a LinkedIn account and have not changed the password recently then you should do that now.
- If you no longer use your LinkedIn account then close it.
- You should not reuse passwords between personal and work accounts. If you did reuse passwords, or variations of passwords, between work systems and LinkedIn, then also change your work password.
- You should enable multi-factor authentication (also known as two-step or two-factor authentication) not just on your LinkedIn account but also on your personal email and social media accounts. Multi-factor authentication makes it much more difficult for your account to be hacked. For more information about how to enable multi-factor authentication for common online services, please refer to the following:
  - LinkedIn: https://www.linkedin.com/help/linkedin/answer/544/turning-two-step-verification-on-and-off?lang=en
  - Google (including email): https://www.google.com/landing/2step/
  - Facebook: https://www.facebook.com/help/148233965247823?helpref=faq_content
  - Apple (including iCloud): https://support.apple.com/en-gb/HT204152
  - Microsoft (including Hotmail): https://support.microsoft.com/en-gb/help/12408/microsoft-account-about-two-step-verification
The NCSC advocates a sensible and user-friendly approach to passwords, recognising that usability is critical to effective security. As set out in our password guidance, this includes prioritising technical solutions in order to reduce the burden on users. To help people improve their password practices and manage the many passwords they need, we recommend the use of password managers. We advise against the regular changing of passwords where there is no indication or suspicion of compromise. However, the advice has always been clear that where there is evidence that your password has been compromised it should be changed quickly.
Further cyber security advice for individuals and small businesses is available from www.cyberaware.gov.uk.