The hack scope of 2012 keeps expanding!
It seems that the LinkedIn’s hack back in 2012 was much worse than anybody expected. Four years ago, the famous social platform for professionals became a victim of a massive data breach, which led to more than 6 Million users credentials exposed. Back then, the login details that were posted online by a Russian hacker included encrypted passwords and emails.
Now, the new reports reveal that it was much more than the 6 Million users who got their credentials stolen, as previously thought. Latest research showed that this Linkedin data breach may have led to the online sale of sensitive information including accounts, emails and passwords of nearly 117 Million LinkedIn users. This is way too larger amount of compromised accounts than previously expected.
Recently, almost four years after this incident, a hacker hiding under the nickname “Peace” has been detected offering a database of about 117 Million emails and cracked passwords for sale, all of them belonging to LinkedIn users. The stolen data is available on the illegal Dark Web marketplace called “The Real Deal”. The hacker requires 5 Bitcoins, which is about $ 2 200, in exchange of this data. In a bargain with the security experts, he confirms that these credentials come from the LinedIn data breach back in 2012.
According to the researchers of LeakedSource, the precious database was kept by a group of Russian hackers. The experts confirmed that the passwords were encrypted with the SHA1 algorithm, with “no salt”. It took them nearly 72 hours to crack 90% of the login credentials.
The independent researcher Troy Hunt contacted some of the LinkedIn data breach victims and they confirmed that the leaked credentials were legitimate.
This whole incident turned out to have much more massive consequences than previously thought. It proved also, that LinkedIn has probably stored users passwords and account details in an insecure way. The company did not announce exactly how widespread the data breach of 2012 was at that time. It is only coming to the surface now, and as we see, with much larger scale. In regards to this, the LinkedIn spokesperson informed in an official statement that the company is working on investigation the matter. It looks like people may not have taken this incident very seriously back then since it was not so widespread.
Meanwhile, our “How to remove” team would advise users to change their passwords as soon as possible. It is a good idea to go for a longer and stronger one this time. Try to include a complex mixture of numbers, letters and specials symbols in order to make your password hard for breaking. It is also a good option to enable the two-factor authentication login process for LinkedIn accounts. Doing the same for other online accounts would ensure a safer online experience.