LinkedIn users are being urged to change their passwords after the revelation that around 117 million account details, including email addresses and passwords, are up for sale.
The data is reportedly being offered to the highest bidder by a hacker who claims he was responsible for the theft four years ago.
Peace claims that that the data was stolen during a breach of LinkedIn back in 2012, in which around 6.5 million encrypted passwords were posted online.
However the site never clarified how many users were affected by that breach, and when contacted by Motherboard for comment, a LinkedIn spokesperson said that the passwords posted online in 2012 were not necessarily all of those affected.
LinkedIn spokesperson Hani Durzy told Motherboard that the company’s security team was looking into the incident, but that at the time they couldn’t confirm whether the data was legitimate.
The database was also found on paid hacked data search engine LeakedSource, which claimed to have 167m accounts available, and as proof provided Motherboard with a sample of almost one million credentials including email addresses, hashed passwords, and the corresponding hacked passwords.
LinkedIn has been criticised across the security industry for its lax approach to user protection, with the company apparently underestimating just how big the 2012 breach was.
The social network also apologised and enlisted the help of the FBI in the matter, but that did not stop a class action lawsuit, which ultimately cost LinkedIn $1.25m (£810,000) in settlements last year.
“The LinkedIn breach goes to show how a single significant breach can come back to haunt a business (and its customers) again and again,” said Rob Sobers, director at Varonis.
“It also highlights just how in-the-dark companies typically are after a breach. After a breach occurs we usually see a statement claiming that the security team has “isolated the affected systems,” but seasoned security researchers know that far too often the scope and severity of a breach is indeterminable due to a lack of comprehensive monitoring and logging.”
Are you a security guru? Try our quiz!
Apple reportedly in talks with Google to use Gemini for generative AI tasks on iPhones…
Some US senators say they support bill that could result in TikTok ban, while US…
Flying taxis could become reality in UK in next four years under new government action…
SpaceX reportedly developing network of hundreds of low-orbit spy satellites for US intelligence agency under…
Uber to pay £149m in settlement with Australian taxi drivers who alleged it used illegal…
TikTok reportedly brought in $16bn in US last year, while parent ByteDance made $120bn worldwide,…