National Cyber Security Centre
Guidance on the historic LinkedIn incident (2012)
NCSC guidance following the renewed press interest in the historic hack of LinkedIn
We are aware that there is renewed press interest in the historic hack of LinkedIn. This is not a recent attack, it took place in 2012, and does not constitute a strategic threat to national security. Users were advised at the time by LinkedIn to change the passwords to their accounts and any other accounts that used the same password. The same advice was issued in 2016 when compromised LinkedIn credentials were found being sold by criminal groups.
- If you have a LinkedIn account and have not changed the password recently then you should do that now.
- If you no longer use your LinkedIn account then close it.
- You should not reuse passwords between personal and work accounts. If you did reuse passwords, or variations of passwords, between work systems and LinkedIn, then also change your work one.
- You should enable multi-factor authentication (also known as two-step or two-factor authentication) not just on your LinkedIn account but also on your personal email and social media accounts. Multi-factor authentication makes it much more difficult for your account to be hacked. For more information about how to enable multi-factor authentication for common online services, please refer to the following:
Google (including email)
Apple (including iCloud)
Microsoft (including Hotmail)
The NCSC advocates a sensible and user-friendly approach to passwords, recognising that usability is critical to effective security. As set out in our password guidance, this includes prioritising technical solutions in order to reduce the burden on users. To help people improve their password practices and manage the many passwords they need, we recommend the use of password managers. We advise against the regular changing of passwords where there is no indication or suspicion of compromise. However, the advice has always been clear that where there is evidence that your password has been compromised it should be changed quickly.
Further cyber security advice for individuals and small businesses is available from www.cyberaware.gov.uk.
Latest News from
National Cyber Security Centre
New cyber security training package launched for charities and small businesses07/05/2021 11:15:00
Free e-learning package to support small organisations released.
Leading figures from UK politics to appear at CYBERUK06/05/2021 09:15:00
CYBERUK is a key date for cyber security professionals, where thought leaders and technical professionals come together and exchange ideas.
Pupils in north London crowned champions of the NCSC cyber contest for girls27/04/2021 16:15:00
The winning team from Highgate School, London triumph at the 2021 virtual CyberFirst Girls Competition.
School staff offered training to help shore up cyber defences21/04/2021 15:25:00
New cyber security training resource for the schools sector to improve cyber resilience.
Advice on Pulse Connect Secure RCE Vulnerability21/04/2021 14:15:00
Advice for UK organisations using Pulse Connect Secure (PCS) VPN appliances.
UK and US call out Russia for SolarWinds compromise16/04/2021 10:10:10
Russia’s Foreign Intelligence Service (SVR) responsible for intrusion of global software supplier.
Security updates released for Microsoft Exchange Servers14/04/2021 10:20:00
The NCSC is encouraging organisations to install critical updates following a number of vulnerabilities being addressed in Microsoft Exchange.
GCHQ reflects on the passing of His Royal Highness The Prince Philip, The Duke of Edinburgh13/04/2021 11:10:00
GCHQ and the NCSC reflect on the passing of HRH The Duke of Edinburgh.