Over One Hundred Million LinkedIn Passwords Posted Online

A LinkedIn hack from back in 2012 is still causing problems for its users. The company announced that another data set from the hack, which contains over 100 million LinkedIn members’ emails and passwords, has now been released.

In response to this new data dump, LinkedIn says it’s working to validate the accounts and contact affected users so they can reset their passwords on the site.

As you may or may not recall, given how much time has passed, hackers broke into LinkedIn’s network back in 2012, stole some 6.5 million encrypted passwords, and posted them onto a Russian hacker forum. Because the passwords were stored as unsalted SHA-1 hashes, hundreds of thousands were quickly cracked.

Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin. In total, the data set includes 167 million accounts, but of those, only 117 million or so have both emails and encrypted passwords.

As this data set also originates from the 2012 hack, these passwords are encrypted in the same way – with “no salt” – meaning they are more easily cracked. In fact, Motherboard states that 90 percent of the passwords were cracked within 72 hours. Several of the victims were still using their same password from 2012, the report also said.

Whether or not current LinkedIn users should be concerned comes down to a handful of factors: did you have an account during the time of the 2012 breach, have you changed your password since, and has that password been reused on other websites?

If you’re not sure, a best practice would be to change it anyway, as well as on other critical sites where you may be using that same password such as your banking website, email, or Facebook, for example.

LinkedIn says that it has increased its security measures in the years since the breach, by introducing stronger encryption, email challenges and two-factor authentication. But this hack was from an earlier era, before these protections were in place. They would also not necessarily protect users from hackers who had obtained email and password combinations.

The full text of LinkedIn’s statement is below:

In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.

We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.

TechCrunch

 

« Growing Skepticism Over Drone Attacks
Cyber Theft Interrupted: Vietnam Bank Foils SWIFT Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Exein

Exein

Exein are on a mission to build the world’s first ecosystem for firmware security so that all different types of firmware are secure around the world.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Netsecurity AS

Netsecurity AS

Netsecurity is a Norwegian owned company focused and specialised within IT security and cybersecurity-as-a service.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

Venari Security

Venari Security

Venari is an award-winning cybersecurity SaaS provider that has developed an ETA (Encrypted Traffic Analysis) platform which fundamentally changes the way encrypted traffic is analysed.

Integris

Integris

Integris offers best-in-class services like dedicated vCIOs, specialized security and compliance advisory services, a 24/7 help desk, and more.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

Cyviation

Cyviation

Cyviation's mission is to mitigate ever-growing and menacing Cyber Security threats, focusing on aircraft, airlines and airports.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

STACK Cybersecurity

STACK Cybersecurity

STACK Cybersecurity serves as a strategic partner, guiding you through the intricate and dynamic cybersecurity landscape.