A hacker is selling account information of 117 million LinkedIn users on Dark Web. This information also includes emails and passwords of users. He is selling the data for 5 Bitcoin (around $2000).
hacker, with name “peace”, confirmed to Motherboard that the information was stolen during the LinkedIn data breach back in 2012 when 6.5 million LinkedIn Passwords were posted online. LinkedIn confirmed the breach but never confirmed how many users were affected. It turns out to be the worse than we could expect.
LeakedSource also obtained the leaked data. It confirmed that passwords were stored in SHA1 without salting. So, it was not very tough to get passwords. LeakedSource also confirmed to crack 90% of the passwords in just 72 hours. ‘123456’ was the most used password and it was used 753,305 times.
From 167 leaked accounts, only 117 million accounts had passwords. Other users may have used Facebook or other kinds of login.
Motherboard did a good investigation and contacted one of those email addresses they obtained from leaked data. That user told Motherboard that the password in the sample was their current one. It means the leaked data is not fake.
While bank details information is not available on LinkedIn profile, this information can still used to steal your identity. So, we recommend you to check your password to avoid any trouble. If you use same password on other than LinkedIn, you should change the password in all those websites where you used the same password.
Source: Motherboard
