167 Million LinkedIn User Records For Sale by Hacker

A hacker is selling the account details of 167 million users of the professional social networking site LinkedIn on the dark web. The hacker announced the sale on the dark website TheRealDeal, asking 5 bitcoins, or around $2200, for the stolen data set, which is thought to contain user IDs, email addresses, and SHA1-hashed passwords for a total of 167,370,940 users.

The records that are up for sale are far from complete, though they do represent around a third of LinkedIn’s 433 million registered members, which is a significant proportion. Troy Hunt stated via email that “I’ve seen a subset of the data and verified that it’s legit.” Hunt is the creator and owner of the site Have I been pwned?, which is dedicated to allowing users to check whether they have been affected by any known data leaks or breaches, and this should lend a lot of credibility to his assessment.

Currently, it is thought that this data could be related to the data breach that LinkedIn suffered back in 2012, which leaked the records of only 6.5 million users by comparison. This could mean that the 2012 breach was far larger than was previously believed, with the remainder of the leaked data only surfacing now. Another site, LeakedSource, which is dedicated to indexing leaked data, claims to have a copy of the data set that is up for sale and holds the belief that the records originate from the 2012 breach.

This breach also raises some questions about LinkedIn’s data security practices, as LeakedSource went on to state that the passwords were stored in SHA1 with no salting, which is against best practice for storing user details online. As over 60% of the passwords of the 6 million leaked back in 2012 were able to be cracked by hackers, it is worrying to think that the same could be expected of this far larger data set. It represents a real threat to users who may not have changed their account passwords since 2012, or who have reused the same email and password combination across multiple sites.
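To illustrate why unsalted SHA1 falls short of best practice, the following added example (not from the article or from LinkedIn) stores the same constructed accounts both ways: unsalted SHA1 gives every user of a given password the same stored value, while a per-user salt with a slow key-derivation function does not. The record format, the PBKDF2 iteration count and the account data are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware
SALT_BYTES = 16

def legacy_sha1(password: str) -> str:
    """Unsalted SHA1, the storage scheme the article describes (shown for contrast)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password: str) -> str:
    """Fresh random salt per record plus a deliberately slow KDF."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:  # malformed or truncated record
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def shared_hash_groups(accounts, hasher):
    """Return groups of users whose stored values are identical."""
    groups = {}
    for user, password in accounts:
        groups.setdefault(hasher(password), []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample data, not taken from any real data set.
SAMPLE_ACCOUNTS = [
    ("alice", "linkedin2012"),
    ("bob", "linkedin2012"),
    ("carol", "correct horse battery"),
]

if __name__ == "__main__":
    print("unsalted SHA1, shared values:", shared_hash_groups(SAMPLE_ACCOUNTS, legacy_sha1))
    print("salted PBKDF2, shared values:", shared_hash_groups(SAMPLE_ACCOUNTS, hash_password))
```

With unsalted SHA1, alice and bob collapse into one group, so a single recovered password exposes every account that chose it; with the salted scheme no two records match.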

LinkedIn is yet to comment on the breach; however, it is recommended that any users of the site make sure to change their password and that of any other site with the same credentials.

Alexander Neil
