News

167 Million LinkedIn User Records For Sale by Hacker

On the dark web, a hacker has come out to be selling the account details of 167 million users of the professional social networking site LinkedIn. The hacker announced his desire to sell these user records on dark website TheRealDeal, requesting a sum of 5 bitcoins, or around $2200, for the stolen data set which is thought to contain user IDs, email addresses, and SHA1 encoded passwords for a total of 167,370,940 users.

The records that are up for sale are far from complete, though it does represent around a third of LinkedIn’s 433 million registered members, which is a significant proportion. Troy Hunt, stated via email that “I’ve seen a subset of the data and verified that it’s legit.” Hunt is the creator and owner of the site Have I been pwned? which is dedicated to allowing users to check if they have been affected by any known data leaks or breaches, which should lend a lot of credibility to his assessment.

Currently, it is thought that this data could be related to the data breach that LinkedIn suffered back in 2012, which leaked the records of only 6.5 million users by comparison. This could mean that the 2012 breach was far larger than it was previously believed to be, with the remainder of the leaked data only surfacing now. Another site, LeakedSource, which is dedicated to indexing leaked data, claims to have a copy of the data set that is up for sale and hold the belief that the records originate from the 2012 breach.

This breach also raises some questions about LinkedIn’s data security practices as LeakedSouce went on to state that the passwords were stored in SHA1 with no salting, which is against best practice for storing user details online. As over 60% of the passwords of the 6 million leaked back in 2012 were able to be cracked by hackers, it is worrying to think that the same could be expected of this far larger data set and represents a real threat to users who may not have changed their account passwords since 2012 or even reused the same email and password combination across multiple sites.

LinkedIn is yet to comment on the break, however, it is recommended that any users of the site make sure to change their password and that of any other site with the same credentials.

Alexander Neil

Disqus Comments Loading...

Recent Posts

Plaion Launches Retro ZX Spectrum Computer

Plaion, a leading video game publisher, and Retro Games Ltd., a specialist in reimagined classic…

2 days ago

NVIDIA Warns of GeForce RTX 40 Graphics Card Shortages in November and December

During the latest earnings call, NVIDIA CFO Colette Kress warned of a potential GPU supply…

2 days ago

GeForce RTX 5090, RTX 5080, RTX 5070 Ti, and RTX 5070 Reportedly Coming in Q1 2025

Chinese sources say the GeForce RTX 5090, RTX 5080, RTX 5070 Ti, and RTX 5070…

2 days ago

GTA 6 Already Winning Awards Before Its Launch

GTA 6 doesn’t have an official release date yet, but it has already earned a…

2 days ago

DJI Osmo Mobile 6, 3-Axis Phone Gimbal

Stay on Point with ActiveTrack 6.0 - With upgraded tracking tech, OM 6 sticks to…

2 days ago

Drayton Wiser Smart Radiator Thermostat TRV

Pack includes three Wiser Radiator Thermostats. These smart radiator thermostats are only designed to work…

2 days ago