117 million LinkedIn passwords being sold in the dark web.
Advertisement
But security experts are advising all users of the site to change their passwords and replace any payment cards associated with their account.
Based on a sample of almost 1 million credentials, Motherboard reported that the hacked passwords were encrypted with the SHA-1 algorithm-already outdated by 2012. At the time, LinkedIn said it would reset all vulnerable accounts, but it’s now emerged that the company misjudged the scale of the hack.
LinkedIn issued a statement saying it is aware of the situation, but added that this is not a new data breach as the information was taken during a hack in 2012.
LinkedIn has said it is looking into the breach, but offered no further comment.
Carmakal said it isn’t unusual for companies to fail to realize the full extent of a hack.
Those are hugely worrying numbers, and unsurprisingly LinkedIn has already responded to this news with a blog post.
After the leak four years ago, LinkedIn asked its members to change their passwords, as well as the company resetting the passwords of any accounts which it thought had been breached by the hacker.
One of the operators of a hacked data search engine told Motherboard that they cracked “90% of the passwords in 72 hours”.
The hacker is selling the data for 5 bitcoins, which is equivalent to about $2,200. He remarked that LinkedIn had set additional layers of security, including dual factor authentication and email challenges. The stolen data is said to include email addresses and passwords, which a malicious party could use to gain access to other websites and accounts for which people used the same password. Yet hundreds of thousands of LinkedIn users had “123456” as their passwords, which, as eloquently stated in the movie “Spaceballs”, is the kind of password “that an idiot has on his luggage”.
Advertisement
‘The best thing users can do is go to all of their online accounts and change their passwords, and make sure when they do change their password, it is different for each account’.
