CYBER NEWS

If you’re a professional in any business area, there’s a big chance you have a LinkedIn account. So read carefully – LinkedIn has suffered a major data breach. The latter has apparently led to probable sale of sensitive information harvested from 117 million accounts.

LinkedIn Data Breach: 167 Million Accounts Hacked, 117 Million for Sale

Motherboard says that LinkedIn’s website was exposed to the data breach in 2012, but its consequences are beginning to reveal now. A hacker, known as Peace, has contacted the famous online magazine, telling them that the million-user data was stolen during the LinkedIn breach few years ago.

In 2012, “only” 6.5 million encrypted passwords were posted online. The bad thing is LinkedIn never gave any explanation on the number of users affected by the incident.

So, what’s happening now? Peace is currently offering 117 million credentials of LinkedIn users for sale on the Dark Web, more specifically on The Real Deal marketplace. All he wants in exchange is 5 Bitcoins, or $2,200.

LinkedIn Is Silent about the Breach, Still Investigating

He’s not the only one with such claims. LeakedSource, a paid hacked data search engine, also claims to have obtained access to the data. According to both sources, the hacked LinkedIn database has 167 million accounts, 117 million of which have both emails and encrypted passwords and is currently uploaded on the Dark Web. A LeakedSource member believes that the database was kept within a small group of Russians. It’s not until recently the issue grew in severity.

Motherboard says that:

LeakedSource provided Motherboard with a sample of almost one million credentials, which included email addresses, hashed passwords, and the corresponding hacked passwords. The passwords were originally encrypted or hashed with the SHA1 algorithm, with no “salt”, which is a series of random digits attached to the end of hashes to make them harder to be cracked.

LinkedIn Users, Change Your Passwords Now!

If you’re in doubt about the legitimacy of all that information, security expert Troy Hunt who is behind the Have I Been Pwned project already contacted some of the victims, who have confirmed the credentials were genuine.

Since LinkedIn is currently investigating, the only thing left for users to do is change their passwords immediately. Note that if you have other accounts under the same credentials, you should “refresh” them, too.

More on Password Security:

PC Password Shield Software

Password Day 2016