117 million hacked LinkedIn accounts sold on Dark Web
In 2012, LinkedIn was hacked and now a data set filled with user credentials has appeared
In 2012, LinkedIn suffered a massive data breach where it was reported that 6.5m LinkedIn passwords had been leaked onto a Russian password forum.
Fast forward four years, and LinkedIn has announced that another data set from the 2012 hack has surfaced on the Dark Web.
According to a report from Motherboard, a hacker group called "Peace" is offering the sale of 167m accounts, including the emails and exposed passwords of 117m LinkedIn users, for $2,200, payable in bitcoin. Motherboard also said that 90% of the passwords were cracked within 72 hours and that several victims were still using the same password from 2012.
In 2012, LinkedIn responded by forcing a password reset on all 6.5m LinkedIn accounts. The professional networking platform is now advising users to do the same again.
In a blog post, LinkedIn's Cory Scott said: "Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
"We take the safety and security of our members' accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety centre to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible."
Despite LinkedIn's efforts to increase its security measures, this stolen data set was from 2012, before the protections were put in place.
What's more, according to LeakedSource, 50 easy passwords accounted for more than 2.2m of the 117m hashed passwords stolen. These passwords were stored as SHA-1 hashes with no salting, meaning they were easily cracked.
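The following is an added example, not code from LinkedIn, LeakedSource or Motherboard, showing why the missing salt matters: with bare SHA-1 every account sharing a password stores the same digest, while a per-user salt and a slow key-derivation function give each account a distinct record. The account names, passwords and function names are constructed for illustration, and PBKDF2 is used here as one standard hardened scheme, not as a description of what LinkedIn deployed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the breach).
ACCOUNTS = [
    ("alice@example.com", "winter2012"),
    ("bob@example.com", "winter2012"),
    ("carol@example.com", "winter2012"),
    ("dave@example.com", "T7#qv!mZ9p"),
]

def store_unsalted_sha1(password):
    """Weak scheme described in the article: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_salted_pbkdf2(password, iterations=600_000):
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def largest_shared_group(stored_values):
    """Size of the biggest set of accounts whose stored value is identical."""
    return max(Counter(stored_values).values())

def compare_schemes(accounts=ACCOUNTS, iterations=600_000):
    """Store the same accounts under both schemes and measure digest sharing."""
    weak = [store_unsalted_sha1(pw) for _, pw in accounts]
    strong = [store_salted_pbkdf2(pw, iterations) for _, pw in accounts]
    return {
        "unsalted_largest_group": largest_shared_group(weak),
        "salted_largest_group": largest_shared_group([r[2] for r in strong]),
        "records": strong,
    }

if __name__ == "__main__":
    result = compare_schemes()
    print("accounts sharing one unsalted digest:", result["unsalted_largest_group"])
    print("accounts sharing one salted digest:  ", result["salted_largest_group"])
```

In the unsalted column a single guess resolves every account in the shared group at once, which is how a small set of common passwords can cover millions of records.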
LinkedIn's top 10 hacked passwords, according to LeakedSource, are:
LinkedIn added: "We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts."
To be on the safe side, LinkedIn users should change their passwords.