Way back in 2012 LinkedIn experienced a huge data breach in which it was thought that 6.5 million user credentials were exposed, but now LinkedIn on Wednesday said that this hack expands to expose 117 million user email IDs and passwords. The Russian hacker who goes with the name “Peace” told Motherboard that the data was stolen during the LinkedIn data breach of 2012. And now he has put all the user information for sale on an illegal dark web market place.
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” wrote Cory Scott LinkedIn’s chief-security officer, in a post on the company’s blog. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.” Hani Durzy, LinkedIn spokesman said the company has obtained a copy of the 117 million record data base, and that LinkedIn believes it to be real.
According to the Motherboard, the data is being sold for 5 bitcoin i.e., around $2,200. LinkedIn after 2012 hack did not clarify how many users were affected by the breach. But it reset the passwords of 6.5 million users and advised users to change their credentials. LinkedIn at the time did not suspect the Email ID’s had been stolen.
Now, the paid hacked data search engine Leakedsource claims that it has acquired all the data. Peace and other Leakedsource person said that they have 167 million accounts in the hacked data and 117 million have both Email and encrypted passwords.
Scott suggests users to use two-factor authentication and strong passwords. Cyber security experts say that such data breach news should serve as a reminder to reset passwords frequently. LinkedIn says that it has increased the security measures over the years but to be safe LinkedIn suggests all the users to change the credentials even if you have not received any email suggesting the change.