LinkedIn has confirmed that a significant 2012 breach of LinkedIn passwords was much worse than anyone first thought, as Russian hackers claimed the actual number of leaked account login details and hashed passwords was 117 million, and not only 6.5 million as reported four years ago in 2012.
Reports have emerged that the LinkedIn passwords and emails of about 117 million LinkedIn users went on sale on a dark web market known as The Real Deal.
After 4 years, the hacker named “Peace”, who had recently flogged millions of passwords and emails of users of the Naughty America adult website for just $300, is now selling 117 million LinkedIn passwords and emails for 5 Bitcoins, worth approximately $2,200.
Because the passwords were originally hashed with the SHA1 algorithm with no salt, it took LeakedSource, the paid search engine for hacked data, just 72 hours to crack around 90% of the passwords.
An independent web security researcher who runs the “Have I Been Pwned?” website reached out to a number of LinkedIn users, who confirmed that the leaked credentials were legitimate.
In response to this incident, a LinkedIn spokesperson confirmed that they were looking into the matter and were in the process of resetting the LinkedIn passwords of affected users: “Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed LinkedIn password combinations of LinkedIn members from that same theft in 2012.”
He added, “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is a result of a new security breach.”
We recommend that you change your passwords immediately, enable two-factor authentication for your account as soon as possible, and never use the same password on multiple websites.