My friend Sally received an urgent message from her free email provider, Google Gmail, saying she needed to immediately change her password.
Sally had no idea why, but she followed the instructions and changed her password. I cannot know for sure why Google thought it necessary for Sally to change her password, but I have a good idea as to what the reason could be.
Sally’s email account had not been hacked, so why did Google insist she needed to change her password? The reason is most likely found in the fact that while Sally was not hacked (yet), it seems that several organizations with which Sally had trusted her credentials had been hacked.
At one time or another, Sally had used the social networking site LinkedIn.com. She gave LinkedIn her email address and a password. Then LinkedIn was hacked, causing the private information for 164 million customers to be stolen, and that data subsequently ended up for sale on a dark market site. Sally was not hacked, but because LinkedIn was, Sally’s email address and password were up for sale to criminals on the dark web.