Back in 2012, LinkedIn suffered a data breach where the personal data including the encrypted passwords of around 6.5 million users were posted online. At the time, LinkedIn never really said how many people were affected by the theft. As it turns out the data breach was far worse than anyone knew. The hacker behind it, who goes by the handle “Peace”, has decided to sell the rest of the data which includes the emails and passwords of 117 million LinkedIn users.
Going for 5 bitcoin ($2,200), Peace is selling the information on a dark web marketplace called The Real Deal. According to both Peace and the search engine for hacked data, LeakedSource, while 117 million of the hacked accounts have both the email and password associated with it, there are 167 million stolen accounts in total. It took less than 72 hours to crack 90% of the passwords, which were encrypted with using the SHA1 algorithm. Apparently, it all stayed secret due to it being kept within a small group of Russian hackers.
According to LinkedIn, while their security is looking into it, they can’t confirm if the data is real or came from them. They did admit, however, that the original 6.5 million accounts that were hacked in 2012 may not be all of them.
Obviously if you’re a LinkedIn user, you should probably change your password, especially if you haven’t done it since the original breach. It’s also a good idea to not use the same password across multiple accounts. Doing so means that if you have a LinkedIn account, the same email and password you use for banking is now probably in the hands of Russian hackers.