Thursday 29 September 2016

117 million LinkedIn passwords sold by hackers

James Titcomb

Published 19/05/2016 | 08:06

A woman walks into LinkedIn Corp. company headquarters in Mountain View, California, U.S., on Thursday, Jan. 27, 2011. LinkedIn Corp., the largest networking website for professionals, said it plans to raise as much as $175 million in an initial public offering. Photographer: David Paul Morris/Bloomberg
A woman walks into LinkedIn Corp. company headquarters in Mountain View, California, U.S., on Thursday, Jan. 27, 2011. LinkedIn Corp., the largest networking website for professionals, said it plans to raise as much as $175 million in an initial public offering. Photographer: David Paul Morris/Bloomberg

Passwords belonging to 117 million users of professional networking site LinkedIn have been put up for sale online.

  • Go To

The huge cache of personal data comes from a hack of the website four years ago that was previously thought to have affected only a few million accounts.

LinkedIn said it was trying to assess which accounts had been affected and invalidate their passwords to prevent hackers accessing users’ accounts.

In 2012, around 6.5 million LinkedIn passwords were released online, forcing the company to urge all its members to change their passwords and reset those that it suspected had been affected.

Now the much bigger set of details has been put up for sale on the dark web for five bitcoins (£1,565). Although encrypted, the set of passwords had not been cryptographically-sealed with an additional security measure known as a “salt”, making more common passwords relatively easy to decode.

LinkedIn has more than 400 million members around the world, and more than 20 million in the UK.

The data release actually contains 167 million account details including email addresses, although only 117 million passwords are included.

"Yesterday, we became aware of an additional set of data that had just been released  that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012," LinkedIn said.

"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach." It said that passwords are now salted, meaning in the event of any future breach, they would be less difficult to crack.

If your LinkedIn password has not been changed since 2012, now is probably a good time, and the same goes for any other websites which you use the same password for.

The company also urged people to activate Two Factor authentication on their accounts to better protect themselves.

Telegraph.co.uk

Read More

Promoted articles

Editors Choice

Also in Business