117m LinkedIn User Accounts Are ‘Up For Sale’

LinkedIn users are being urged to change their passwords after the revelation that around 117 million account details, including email addresses and passwords, are up for sale.

The data is reportedly being offered to the highest bidder by a hacker who claims he was responsible for the theft four years ago.

Peace out

The hacker, known as “Peace,” contacted technology site Motherboard this week to offer the details, which are up for sale for five Bitcoins (around £1564) on dark web site The Real Deal.

Peace claims that the data was stolen during a breach of LinkedIn back in 2012, in which around 6.5 million encrypted passwords were posted online.

However, the site never clarified how many users were affected by that breach, and when contacted by Motherboard for comment, a LinkedIn spokesperson said that the passwords posted online in 2012 were not necessarily all of those affected.

LinkedIn spokesperson Hani Durzy told Motherboard that the company’s security team was looking into the incident, but that at the time they couldn’t confirm whether the data was legitimate.

The database was also found on paid hacked data search engine LeakedSource, which claimed to have 167m accounts available, and as proof provided Motherboard with a sample of almost one million credentials including email addresses, hashed passwords, and the corresponding hacked passwords.

LinkedIn has been criticised across the security industry for its lax approach to user protection, with the company apparently underestimating just how big the 2012 breach was.

The social network also apologised and enlisted the help of the FBI in the matter, but that did not stop a class action lawsuit, which ultimately cost LinkedIn $1.25m (£810,000) in settlements last year.

“The LinkedIn breach goes to show how a single significant breach can come back to haunt a business (and its customers) again and again,” said Rob Sobers, director at Varonis.

“It also highlights just how in-the-dark companies typically are after a breach. After a breach occurs we usually see a statement claiming that the security team has ‘isolated the affected systems,’ but seasoned security researchers know that far too often the scope and severity of a breach is indeterminable due to a lack of comprehensive monitoring and logging.”


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
