News

LinkedIn Data Breach: 117 Million Profiles Up For Sale; Users Asked To Change Passwords

By Megha Kedia | Update Date: May 19, 2016 06:00 AM EDT

Popular professional networking website, LinkedIn, has warned users to change their passwords as login credentials of more than 117 million LinkedIn users have been put up for sale online. LinkedIn suffered a massive data breach way back in 2012. At that time, hackers gained access to account information of more than 6 million users. However, the professional networking website is still dealing with the effects. LinkedIn has now confirmed that an additional set of data has been offered for sale on the dark web.

"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012," Cory Scott, LinkedIn's chief information security officer, noted in an official blog post, according to CNET.

The recent discovery hints that 2012 LinkedIn breach was much bigger than it was believed to be. The company said it has no indication that the released log-in credentials are a result from another hack.

"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach," the blog post read.

According to Motherboard, a hacker named "Peace" is selling the emails and passwords of 117 million LinkedIn members on a dark website known as The Real Deal for five bitcoin which equals to around $2,200.

Subscription-based hacked-data search engine LeakedSource has provided a sample of almost one million credentials, which included email addresses, hashed passwords, and the corresponding hacked passwords to Motherboard. The passwords were originally encrypted or hashed with the SHA1 algorithm, with no "salt," which is a series of random digits attached to the end of hashes to make them harder to be cracked.

LinkedIn has asked users to enable two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.

© 2024 Counsel & Heal All rights reserved. Do not reproduce without permission.

Join the Conversation

Real Time Analytics