Many of our users may have heard about a large theft of LinkedIn usernames and passwords that has been in the news recently. Here's the short version:
This theft did not steal any information from your ClearView Social account. However, if you have not changed your password since 2012, someone may be able to log into ClearView Social using your LinkedIn Credentials. Update your password if it has not changed since 2012.
What Was Stolen
The breach originally occurred in 2012, but the reason it is in the news recently is that it has resurfaced as being more severe than originally reported and with lots of the same information still circulating out in the wild. It is like a second "wave" of the same breach.
Only usernames and passwords were stolen.
What ClearView Stores
ClearView Social has never stored your LinkedIn password. Instead, we use an industry-standard technology called OAuth which sends your browser over to LinkedIn, where LinkedIn itself supervises your login process on their site. If LinkedIn can prove who you are via a successful login, it sends the browser back to ClearView Social with a special token that says, essentially, "I've verified that this user is email@example.com, and they have granted permission to your app to post on their behalf."
We never store, and in fact are incapable of storing, your LinkedIn information itself. All we can store is the email address associated with your LinkedIn account and the access token, which was not part of the breach.
If somebody could log into LinkedIn as you, then they could log into ClearView Social as you, since we defer our logins to LinkedIn. (It is unlikely, as the password-theft economy is typically more interested in spamming your contact list than sharing excellent firm content on your behalf, but the possibility is there.) Even in that event, there is relatively little harm a person can do in ClearView Social since it simply lets them share on your behalf—something they could already do if they had access to your LinkedIn.
What To Do
You're not at risk if:
- You have changed your LinkedIn password in the last four years.
- You have been on LinkedIn less than four years.
- You have enabled two-factor authentication on your LinkedIn.
If your LinkedIn password is the same as four years ago and does not have two-factor authentication, then you may be at risk. Fortunately, all you have to do is change your LinkedIn password or enable two-factor authentication, and the breach can no longer affect you.
ClearView Social logins are LinkedIn logins. If your LinkedIn is secure, then your ClearView Social is secure.
What Not To Do
There are sites that purport to let you enter your email address to see if it was affected by the breach. Do not trust these at present, since they are sometimes used as honeypots by the breachers to identify high-value accounts. Simply change your password to take yourself out of breach consideration no matter what.
If there is anything else we can assist you with, you can contact ClearView Social Support either by emailing firstname.lastname@example.org or through the Intercom chat button in the bottom right of the site.