Millions of LinkedIn users' log-in details 'for sale on dark web'
Published 18/05/2016 | 17:20
A hacker claiming to have the log-in details of millions of LinkedIn users is advertising the data for sale online.
The extensive list of user IDs and passwords, which were allegedly sourced from a cyber attack on the networking site four years ago, is being advertised on the "dark web" - a sub-section of the internet not accessible through normal web browsers and often a platform for illegal activity.
According to news site Motherboard, a hacker calling themselves "Peace" has placed the alleged details of 117 million LinkedIn users on dark web marketplace The Real Deal for the price of 5 Bitcoin - the digital currency - worth around £1,500.
At the time of the original breach in 2012, LinkedIn reset the accounts of those it believed were affected, however the site now says the number of users affected was far greater than initially thought, and they now plan a more wide-scale reset.
In the wake of the 2012 breach, only around 6.5 million details were posted online - but LinkedIn's chief information security officer Cory Scott said he does not believe the extra data was gained as the result of a new security breach.
"In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members' passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorised disclosure," he said.
"Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012."
Mr Scott added that the company was now taking action to secure the affected accounts.
He said: "We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords."
News of the breach is the latest in a long line of cyber attacks on major websites and companies, with telecoms firm TalkTalk and parental forum site Mumsnet among those who have been the victims of security breaches in the last year.