Remember the LinkedIn security breach four years ago? The hacker is back, advertising the emails, passwords and account information of over 117 million LinkedIn users for sale.
Old LinkedIn hacked data becomes valuable again
Every single day we hear news of a hack - from social networking sites to dating websites and even banks. It is easy to forget these incidents since we come across some new hacking story every other day. Going back to 2012, there was a major security breach that affected millions of LinkedIn users. A Russian hacker had tried to breach and then sell over 6 million login details of LinkedIn users. At the time, LinkedIn had given assurances that it had reset the accounts of those it thought were compromised. The business-centered social network now plans to repeat the security measure on a larger scale after a recent advertisement on the dark web.
Under the nickname Peace, the hacker is selling 117 million emails and passwords belonging to LinkedIn users on an illegal Dark Web marketplace known as The Real Deal. Guess how much you need to pay to get your hands on the account details of 117 million users? 5 bitcoins, or approx. $2,200.
The hacker has spoken to Motherboard, which confirmed and reported that these logins indeed come from the 2012 LinkedIn hack. At the time, the number of affected accounts was believed to be just a fraction of what the hacker has now advertised, proving that LinkedIn avoided informing its users just how widespread the security breach was.
The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach.
LeakedSource, the paid hacked-data search engine, also claims to have obtained this data, which "was kept within a small group of Russians," the site has said. The search engine has managed to crack 90% of the passwords within 72 hours of obtaining them, even though the majority of the passwords were encrypted or hashed with the SHA1 algorithm.
Only yesterday we were talking about how ancient internet worms and viruses are still ruling the malware industry. And today brings us another reminder that, similar to malware, even old hacked data becomes useful to criminals. Important lesson? NEVER reuse your passwords, and change them as soon as you hear of a site being hacked, no matter whether it's a major incident or only a small number of users are reported to be impacted.