117 Million LinkedIn Emails and Passwords for Sale on Dark Web
A hacker named “Peace” is trying to sell 117 million LinkedIn accounts, including emails and passwords. The information is for sale on The Real Deal, a dark web illegal marketplace, for 5 bitcoin (about $2,200).
Peace told Motherboard that the data was stolen during a 2012 LinkedIn data breach. At that time, only 6.5 million encrypted passwords were posted online, and the networking site never specifically stated how many users had been affected by the breach.
Apparently, the breach was much worse than initially reported.
LeakedSource, a paid hacked data search engine service, claims they also have the data. The people behind LeakedSource and Peace both report that 167 million accounts were hacked, and of those, 117 million of the records contain emails and encrypted passwords.
“It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread,” one of the people behind LeakedSource told Motherboard. “To my knowledge the database was kept within a small group of Russians.”
The original records were encrypted with a SHA1 algorithm instead of the safer “salt” process, which is a series of random digits attached to the end of the hashes that make the password harder to crack. LeakedSource said they have cracked “90% of the passwords in 72 hours.”
Hani Durzy, a spokesperson for LinkedIn said their security team is looking into this most recent incident, and could not yet confirm that this data is legitimate. He did admit the 6.5 million records posted in 2012 were not the only passwords stolen.