In 2012 there was a data breach in linked in and a lot of users data and privacy was compromised. What is the conclusion of all that data breach and what should linked in have done to prevent that data breach. Please explain briefly.

 

2012 Linkedin Data breach

A data breach took place in 2012, involving a social media company known as Linkedin. The event was appropriated by Hackers who managed to steal password hashes belonging to the company's users/members. Investigations revealed that 6.5 million account credentials were stolen and posted on another password forum belonging to Russians, thus exposing them to the world. The stolen data was said to be possessed by a paid hacked data search engine known as LeakedSource. Another hacker, named "peace," also claimed to have the same data. These hackers' sites claimed to possess 167 million accounts databases with 117 cracked passwords that are way higher than the 6.5 million that LinkedIn had reported ("Trend Micro," 2016).

In such an incident, Linkedin should have responded by imposing strict measures that include mandatory reset of accounts that had fallen victim to the data breach. They should also have hashed and salted the passwords in all their databases. They should also have considered options such as email challenges and two-factor authentication mechanisms. Invalidating passwords that had not been changed since the event occurred could also have helped. In addition to implementing better password policies and encouraging all their members to embrace them, legal action should also be taken to bring all the culprits of the breach to books.