According to the lastest report over 117 million LinkedIn email addresses and passwords have been stolen and been put up for sale on the Dark Web. In 2012 LinkedIn suffered a huge data breach were more than 6 Million users accounts login details, including encrypted passwords were posted online by a Russian hacker.
The hacker, who goes by the name “Peace”, told the Motherboard reports that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach.
Peace is selling the data on the dark web illegal marketplace The Real Deal for 5 bitcoin (around $2,200). Even if a user changed their password following the 2012 hack, they could still be using the same password elsewhere on the web, leaving their accounts open to cyber criminals.
Since the passwords have been initially encrypted with the SHA1 algorithm, with “no salt,” it just took ‘LeakedSource‘, the paid search engine for hacked data, 72 hours to crack roughly 90% of the passwords. LeakedSource provided Motherboard with a sample of almost one million credentials, which included email addresses, hashed passwords, and the corresponding hacked passwords.
n 2015, Linkedin also agreed to settle a class-action lawsuit over 2012’s security breach by paying a total of $1.25 million to victims in the U.S, means $50 to each of them.