Hacker Puts 117 Million Stolen LinkedIn Users’ Details for Sale

 The impact of the 2012 breach of LinkedIn servers has come to the fore, with a hacker looking to sell LinkedIn account details – including users’ emails and passwords – of 117 million registered users on a dark web marketplace.

A hacker who goes by the name “Peace” is reportedly trying to sell a huge data trove of emails and passwords of some 117 million LinkedIn users, according to Motherboard.

The hacker told the publication that the data is a direct result of a LinkedIn server breach from 2012. Notably, LinkedIn did not reveal how many users were impacted by the breach at the time. Furthermore, a file containing 6.5 million unique hashed passwords surfaced in an online forum at the time, a relatively smaller number compared to the recent revelation.

The comprehensive and stolen data is now for sale on a dark web illegal marketplace called the Real Deal. It is being sold for 5 bitcoins, approximately $2,200. LeakedSource, a data search engine containing hacked records has also revealed that it possesses the hacked database, uploading the same onto its website.

Peace and LeakedSource have both further revealed that the entire database contains 167 million accounts, of which 117 million have encrypted passwords and emails. The latter told the publication that they had, at the time, already cracked 90% of all the passwords in 72 hours.

LinkedIn has published a blog post of its own to address and acknowledge the leak, fundamentally confirming the bad news to LinkedIn users.

A statement read:

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012.

We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.

Furthermore, LinkedIn has also started to invalidate passwords belonging to every account created prior to the 2012 breach. The company is also demanding that Peace and LeakedSource stop their efforts to make the data available, with the threat of legal action for the failure to comply.

Featured image from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.