The login details of over 117m LinkedIn users is being sold on the dark web.
New reports say the data, which includes members’ usernames and passwords, is being sold by a hacker named Peace on dark web marketplace The Real Deal.
The hacker says the data comes from a security breach of LinkedIn that took place back in 2012.
As Motherboard – who spotted the stolen data sale – points out, at the time of the hack, only 6.5m user details were posted online, but it now appears the breach was much worse.
And the hacker is now selling the data of over 117m users for 5 bitcoin, which is worth around £1,500.
At the time of the hack, LinkedIn had around 165m users.
When this original leak was spotted back in 2012, LinkedIn reset the passwords of the compromised accounts, and is currently in the process of invalidating the passwords and contacting the members whose accounts are at risk.
Someone from LeakedSource, a data search engine that also claims to have the data, told Motherboard: “It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread. To my knowledge the database was kept within a small group of Russians.”
Yesterday, LinkedIn confirmed the breach with a blog post by chief information security officer Cory Scott:
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.”
The LinkedIn exec said the company had no indication that the latest data set was the result of a new security breach.
Speaking about the company’s security measures, Scott said: “We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.”
Earlier this month a hacker claimed to have 57m user details that were stolen from dating site Zoosk, claims which were later discredited by security expert Troy Hunt.
In April it was also revealed that niche dating site BeautifulPeople.com had been subject to a data hack, with the personal details and private messages of 1.1m users appearing on the deep web.
Next month security expert Troy Hunt is hosting a workshop in London on how to build up defensive skills in developers to stop damaging security breaches.