May 18th 2016
Over 100 million LinkedIn users could find their email addresses and passwords for sale online, following a breach of the professional networking site’s data four years ago. The site is investigating.
A hacker known as ‘Peace’ is attempting to sell the data on the dark web. Estimates of the number of records involved range from 117 million to 167 million.
The breach occurred in 2012, and resulted in some 6.5 million encrypted passwords being posted on the internet. Now, however, it seems much more serious than originally thought.
According to hacked data search engine LeakedSource, LinkedIn did not clarify the scale of the intrusion at the time. A spokesperson is quoted as saying: “It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread.
“To my knowledge the database was kept within a small group of Russians.”
A LinkedIn spokesperson said: "In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members' passwords.
"At the time, our immediate response included a mandatory password reset for all accounts we believe were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.”
She added: "We have no indication that this is a result of a new security breach."