LinkedIn hacker selling over 100 million user logins on the dark web
LinkedIn’s 2012 data breach has come back to haunt it amid reports that a hacker is currently selling more than 100 million logins to the site.
The stolen ID’s are understood to have been taken in the 2012 cyber-crime attack which resulted in 6.5 million encrypted passwords from the site being posted on a Russian crime forum.
However it appears that this was just the tip of the iceberg. According to news site Motherboard a Russian hacker, who goes by the name ‘Peace’, is selling 117 million email and password combinations on the dark web marketplace for five Bitcoins or $2,300.
Four years ago when the attack took place the business-focused social network said it had rest all compromised accounts however the listed account details for sale indicate that the company has a much larger task on its hands.
Discussing the news of a more widespread issue Cory Scott, LinkedIn’s chief information security officer, said: "We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.
"We have no indication that this is a result of a new security breach.
"We encourage our members to visit our safety centre to ensure they have two-step verification authentication and to use strong passwords in order to keep their accounts as safe as possible."
A security expert speaking to the BBC noted that the hack was made possible because LinkedIn had originally "hashed" its passwords but not "salted" them before storing them.
Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is an additional step meant to stop unauthorised parties from being able to work around the process.