LinkedIn Passwords from 117M Accounts Hacked and Up for Sale
By Shirley Siluk / CRM Daily
A four-year-old data breach at LinkedIn has returned to haunt the professional networking site, with the recent discovery that 117 million user emails and passwords were being offered for sale on the dark Web.

LinkedIn said yesterday it was "moving swiftly" to address the issue by working to invalidate passwords for all pre-breach accounts whose logins haven't since been reset. It added it was also contacting individual users to advise them to reset their passwords.

The June 2012 LinkedIn hack was originally believed to have involved just 6.5 million passwords; at least, that is how many LinkedIn first acknowledged. However, a report yesterday by Motherboard said a dark Web marketplace and another site, LeakedSource, had both obtained data from 167 million hacked LinkedIn accounts. Of those, 117 million included emails and passwords; the remaining accounts are believed to be of users who logged into the site via Facebook.

'No Indication' of a New Breach

Yesterday's report on Motherboard said the publication had learned from a hacker using the name "Peace" that emails and passwords from 117 million LinkedIn users were among the 167 million accounts held in a hacked database posted for sale on The Real Deal, a dark Web marketplace. Peace was seeking five bitcoins -- about $2,250 at today's exchange rate -- for the data.

The publication reported that the database of LinkedIn account information was also in the hands of LeakedSource, a paid-subscriber site that allows people to look up whether their online username or password data has been found to be publicly available on the Web.

LinkedIn responded to Motherboard's report in a blog post yesterday by chief information security officer Cory Scott.

"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords," Scott wrote. "We have no indication that this is as a result of a new security breach."

LinkedIn Looking for Suspicious Activity

While the LinkedIn passwords hacked in 2012 were protected using the SHA-1 hash algorithm, they were not "salted." Salting provides further protection by adding random data to each password before it is hashed, so that identical passwords no longer produce identical hashes. Without that added protection, hashed passwords are easier to crack.

According to Motherboard, a person at LeakedSource said site personnel had been able to break into around 90 percent of the hacked LinkedIn passwords within three days.

A post published Tuesday on LeakedSource said LinkedIn users who found their information on the site could ask for that information to be removed from its database at no cost. The site also posted a list of the top passwords it had identified in the hacked data, indicating that many hundreds of thousands of users had chosen easily broken passwords such as "123456," "linkedin" and "password."
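An added illustration (not code from the article, LeakedSource or LinkedIn) of why the unsalted SHA-1 storage described above is weaker than salted hashing, using the common passwords the article names. The account names are constructed, and PBKDF2-HMAC-SHA256 with the round count shown is an assumption chosen for the example, not LinkedIn's actual scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; the passwords are the common ones named in the article.
ACCOUNTS = {
    "alice@example.com": "123456",
    "bob@example.com": "linkedin",
    "carol@example.com": "123456",
    "dave@example.com": "password",
}
PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def unsalted_sha1(password):
    """Bare SHA-1, the scheme the article describes for the 2012 data."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password, salt=b""):
    """Per-user random salt plus a deliberately slow KDF; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


def shared_hash_groups(table):
    """Groups of accounts whose stored value is byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


unsalted_table = {u: unsalted_sha1(p) for u, p in ACCOUNTS.items()}
salted_table = {u: salted_record(p) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    # Unsalted: alice and carol share one hash, so one guess covers both.
    print("unsalted duplicates:", shared_hash_groups(unsalted_table))
    # Salted: no two records match, even for the same password.
    print("salted duplicates:  ", shared_hash_groups(salted_table))
```

In the unsalted table every account that chose "123456" stores the same 40-character value, so a single hash computation tests a guess against the whole database; with a per-user salt each record has to be tested separately.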

In yesterday's blog post, Scott noted that LinkedIn has "for several years" both hashed and salted all its user passwords. He added the site also encourages members to use other available LinkedIn tools such as email challenges and dual-factor authentication.

A blog update posted later in the day said that LinkedIn was using automated tools to look for and block any suspicious activity on affected accounts. It added, "We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply."

© Copyright 2018 NewsFactor Network. All rights reserved.