117 Million Emails and Passwords Stolen and LinkedIn Still Hasn't Deleted My Account [Link]

May 18, 2016 by Gabe | [mmd] | ℳ↫

Way back in 2012 LinkedIn had a breach and an unspecified amount of information was stolen.

From Vice

Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.

And later...

LeakedSource provided Motherboard with a sample of almost one million credentials, which included email addresses, hashed passwords, and the corresponding hacked passwords. The passwords were originally encrypted or hashed with the SHA1 algorithm, with no “salt,” which is a series of random digits attached to the end of hashes to make them harder to be cracked.

By 2012 I had already closed my account because LinkedIn is gross and aggressive. To this day, LinkedIn still suggests my closed (described as "deleted" at the time) profile to people. I also still get LinkedIn spam. I wasn't wrong to close my account. Their business is to churn through people like they're making sausage. Read their responses to Vice. They didn't care about the breach then and they still don't care now.

Back when this all happened, LinkedIn made trivial efforts to protect users and mostly dismissed the entire thing:

The company stressed that there had been no reports of compromised LinkedIn accounts as a result of the password theft and that it continues to work with law enforcement on investigating the breach.

There's still a LinkedIn class action suit for this breach and what it seeks is kind of laughable:

The settlement agreement calls for LinkedIn to pay up to $50 to some of the users who purchased premium memberships to the service. The social-networking company also promises that for the next five years, it will protect users' passwords by “salting” and “hashing” them.

Imagine that. Suing to implement the most basic security.