It’s been a while since we reported on a large password hack release, and LinkedIn is once again the target of a huge email and password breach. The breach occurred back in 2012, and now a hacker is trying to sell 117 million LinkedIn passwords and email addresses. Shortly after the initial breach, over 6 million passwords were posted, but LinkedIn never clarified the extent of the breach.
The hacker, who goes by “Peace,” is trying to sell the data on a dark web marketplace for a mere 5 bitcoins (roughly $2,200 USD). Another hacker website, LeakedSource, also claims to have the data and says there are 167 million hacked accounts in total, 117 million of which contain both email addresses and encrypted passwords.
LinkedIn has posted a full statement on their website:
In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.
Do you use LinkedIn? What do you think about this latest release of passwords from a 2012 hack? Let us know in the comments below, or on Google+, Twitter, or Facebook.