Hacker selling Linkedin login details
By Digital News Asia May 20, 2016
- Data on 167 million accounts for sale
- Original 2012 hack bigger than thought
THE login details of around 167 million LinkedIn accounts are now for sale online by someone who is asking for US $2,200 for the whole lot, a security researcher said.
The details which include email addresses and passwords appear to come from a 2012 breach of the site, researcher Troy Hunt said. LinkedIn officials have verified that the 2012 hack was the source and said that they are working to invalidate any passwords that may still be actively used on compromised accounts.
According to LeakedSource, a site that maintains a database of more than 1.25 billion compromised accounts, the new batch contains data for 167 million accounts. Around 117 million of the records in the batch include passwords.
It looks like the 2012 breach was much bigger than previously thought. At that time, researchers had found around 6.5 million hacked account details. Following the breach, Linkedin had implemented a mandatory password reset policy.
According to posts on social media sites, the data was advertised on a Dark Web site known as The Real Deal by someone with the user name peace_of_mind. It offers data for 167 million accounts in return for five bitcoins, which at the current exchange rate is worth about US $2,200.
Linkedin says they are taking immediate steps to invalidate the passwords of the accounts impacted.
The LeakedSource post shows that the most widely used password was 123456. It was followed by linkedin, password, and 123456789.
LinkedIn appoints Olivier Legrand as Asia Pacific MD
Malaysians prize workplace relationships: LinkedIn survey
LinkedIn crosses two million members in Malaysia