Skip to content

May 19, 2016

Millions of LinkedIn passwords stolen in 2012 surface online

by John_A

You’ve probably already forgotten that LinkedIn was hacked back in 2012, but you could still be affected by that four-year-old security breach. According to Motherboard, someone going by the name “Peace” is selling (if he hasn’t sold them yet) 117 million LinkedIn username and password combos on a dark web marketplace for 5 Bitcoins or around $2,300. When the attack was first discovered, only 6.5 million users’ details were leaked — this dump reveals that the breach was much, much bigger. In fact, a hacked data search engine told Motherboard that the database Peace listed contains 167 million accounts. It’s just that only 117 million have both usernames and passwords.

Just like the 6.5 million passwords leaked in 2012, the ones in this batch are unsalted SHA-1 hashes. That means they’re easier to crack, because they lack “salt” or the random data attached to encrypted passwords that make them harder to decode. LinkedIn has confirmed in a blog post — where it also encouraged people to enable two-step verification — that the combinations being sold were part of the data stolen four years ago. The company has started invalidating passwords created before 2012, so you might receive a note to change yours if you’ve been a user for quite some time.

Via: TechCrunch

Source: LinkedIn, Motherboard

Read more from News

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: