Social hacks are nothing new. As noted by a University of Phoenix study conducted earlier this year, while 84 percent of U.S. adults now have at least one social media account, two-thirds said they’ve been hacked and 86 percent limit the amount of personal information they provide. The problem? It may not be enough.

According to CNET, 117 million LinkedIn email and password combinations appeared on the Dark Web this week. The company has launched legal action and, for the moment, stemmed the tide. But with so many sites under threat, it’s worth asking: Has the specter of stolen credentials become business as usual?

Criminal Connections

LinkedIn’s trouble started in 2012 when cybercriminals broke in, grabbed what they could and released a set of 6.5 million passwords. It’s been largely radio silence since — until now.

A hacker named “Peace” popped up and posted the emails and passwords of more than 100 million LinkedIn members on the Dark Web. While it’s not clear if payment was made or not, the data then moved to LeakedSource, a subscription-based search service that lets users track down instances of their own information being used across the Web.

According to Motherboard, while the search site’s terms of service make it clear that subscribers should only search for data that belongs to them, there are no rules in place to prevent other queries. In effect, this makes the LinkedIn database public knowledge.

As noted by ZDNet, the social network immediately took action. First, it advised all users to change their passwords to prevent account compromise and then sent a cease and desist letter to LeakedSource. So far it’s working: The site has agreed to take down the data while it consults with its own legal experts.

LeakedSource argued that it’s done nothing wrong since it didn’t access any computers without authorization and aren’t trying to defraud anyone. Styling itself as a scavenger, its stance is that hosting the data is no harm, no foul — regardless of the origin.

More Data Than LinkedIn Email

LinkedIn emails and passwords aren’t the only login credentials up for sale this month. According to Hackread, a cybercriminal known as “Peace of mind” hacked adult social network Fling and put more than 40 million logins up for sale on the Dark Web.

Fling said the data is genuine, but links it to an earlier hack from 2011. While there’s no direct link to the LinkedIn issues, the username, timeline and type of data released certainly suggest more than passing familiarity.

Social networks are vulnerable. Many have taken steps to implement stronger security controls such as two-factor authentication and improved encryption, but the recent LinkedIn email compromise makes it clear that users need to take charge and change passwords at a much faster pace.

Just because a breach seemingly passes by without ill effect, there’s no guarantee it will remain that way; Fling data from five years ago is just now emerging to put millions of users at risk. LinkedIn’s legal challenge is a stopgap. Site members need to police their own data now that time-delayed hacks are becoming business as usual.

More from

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan.In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would tailor…

Inside the Second White House Ransomware Summit

Ransomware is a growing, international threat. It's also an insidious one. The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public. In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline attack and…

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately…

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…