LinkedIn: Hacker selling 117 million e-mail adresses and passwords

In 2012 LinkedIn was hacked and 6.5 million encrypted passwords were posted online.

This data breach has now turned out to be far more extensive than originally thoght. This is due to the fact that a hacker called “Peace” is trying to sell account information of 117 million LinkedIn users, including their e-mail addresses and passwords.

The hacked data search engine LeakedSource, has also obtained the data. Although the passwords were originally encrypted, so that a series of random digits were attached to the end of hashes, in order to make them harder to be cracked, LeakedSource claims to have cracked 90 percent of the passwords in 72 hours.

The security researcher Troy Hunt, maintaining the breach notification site “Have I Been Pwned?,”talked to some of the victims of this data breach. Two of them confirmed that they were users of LinkedIn and that the password that Hunt shared with them was indeed the one they were using at the time of the data breach.

LinkedIn confirmed this week that the new data is legitimate:

The company’s chief information security officer Cory Scott stated that “Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,“ and went on “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.“ Furthermore, Scott also suggested that in order to keep their accounts as safe as possible, members visit their safety center to learn about enabling two-step verification, and to use strong passwords.