A hacker is asking for $2,200 or 5 Bitcoin in exchange for as many as 117 million LinkedIn account email addresses and passwords. The sale was posted online and was seen by a security researcher.
The credentials being sold were hashed with the SHA1 function and were reportedly obtained from a 2012 breach, researcher Troy Hunt said in his tweets. The career networking site's officials have confirmed that the data being sold was part of the 2012 hack attack. They said that they are working to invalidate any passwords included in those accounts, some of which may still be active. LinkedIn already issued a warning to users Wednesday to change their passwords, San Francisco CBS wrote.
There is a web site that holds a database of 1.25 billion compromised accounts. A new batch of 167 million accounts has been added to it. Password fields were included in 117 million of the accounts, Ars Technica reported. This discovery suggests that the 2012 breach affected more accounts than reported. At present, 6.5 million credentials have been found to belong to LinkedIn users.
It is not known whether the larger number of affected accounts is new to LinkedIn or is common knowledge. Days after the breach in 2012, the network implemented a mandatory reset for user passwords. Company officials stated on Wednesday that they are still working on the remaining users whose passwords have not been changed. This suggests that the company was probably not aware of the higher number of affected accounts.
The posting was seen on a dark Web site called "The Real Deal" under the username "peace_of_mind". LinkedIn said that it has not confirmed whether the additional set of data released was taken from a new breach in the system or from the 2012 security breach.
A breakdown of the most frequently used passwords was given and showed a striking lack of care by end users. The most commonly used password was "123456", which was used for 753,305 accounts. Other common passwords were "linkedin", used for 172,523 accounts, and "123456789", used for 94,314 accounts.
LinkedIn officials said that they are encouraging users to visit the site's Safety Center to learn about precautions for keeping their accounts safe. The site is also offering protection tools such as email challenges, validation codes, and dual-factor authentication. Users are urged to make sure two-step verification is enabled on their accounts. They are also urged to use stronger passwords so that their accounts cannot be accessed easily.