117 Million LinkedIn Emails and Passwords for Sale on Dark Web

May 18, 2016, Written By Bill Hardekopf
MONTREAL CANADA - MARCH 20 2016 - Linkedin application on android smartphone. Linkedin is a business-oriented social networking service.

A hacker named “Peace” is trying to sell 117 million LinkedIn accounts, including emails and passwords. The information is for sale on The Real Deal, a dark web illegal marketplace, for 5 bitcoin (about $2,200).

Peace told Motherboard that the data was stolen during a 2012 LinkedIn data breach. At that time, only 6.5 million encrypted passwords were posted online, and the networking site never specifically stated how many users had been affected by the breach.

Apparently, the breach was much worse than initially reported.

LeakedSource, a paid hacked data search engine service, claims they also have the data. The people behind LeakedSource and Peace both report that 167 million accounts were hacked, and of those, 117 million of the records contain emails and encrypted passwords.

“It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread,” one of the people behind LeakedSource told Motherboard. “To my knowledge the database was kept within a small group of Russians.”

The original records were encrypted with a SHA1 algorithm instead of  the safer “salt” process, which is a series of random digits attached to the end of the hashes that make the password harder to crack. LeakedSource said they have cracked “90% of the passwords in 72 hours.”

Hani Durzy, a spokesperson for LinkedIn said their security team is looking into this most recent incident, and could not yet confirm that this data is legitimate. He did admit the 6.5 million records posted in 2012 were not the only passwords stolen.



The information contained within this article was accurate as of May 18, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.