117m LinkedIn account details for sale

The data is available to buy for just £1500 on the dark web

Hacked data search engine LeakedSource has revealed the usernames and passwords of up to 117m LinkedIn users is up for sale by the hacker that stole the data.

The data is being sold by a hacker going by the name of Peace, for just five bitcoin, which converts into 1500 - a cheap price to pay for so much information.

LeakedSource explained that in total, 167m entries are up for sale on the dark web illegal marketplace, The Real Deal, but 50m of these don't have sensitive information such as passwords."LinkedIn has had an awful record of securing their service, and this appears to be another confirmation that they operate without due care for the valuable information they curate," Simon Crosby, CTO and co-founder at Bromium added. "I recommend that users be very cautious of using the service because attackers will use compromised accounts to launch other attacks. Change your password now."It's thought the data was stolen during a security breach in 2012 when 6.5m encrypted LinkedIn passwords were posted online, but at the time, the extent of the data loss wasn't revealed.

A LinkedIn spokesperson said: "Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of LinkedIn members from that same theft in 2012. 

"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is a result of a new security breach."

However, Toni Gidwani, director of analysis at ThreatConnect explained that this may not be enough and the data may have already been used to access the LinkedIn users' other accounts.

"The long lag time between the breach and passwords now appearing for sale suggests the data has already been mined for other nefarious purposes," he said. "LinkedIn, with its rich context of professional networks, is a gold mine for adversaries looking to social engineer targets for future attacks. Which are you more likely to open: an email from a Nigerian prince?  Or a link in an article sent by someone you've worked with for years?

"Four years after the fact, the breached dataset still has some nominal monetary value, which is why it's for sale for only a handful of bitcoin. But the trickier question is figuring out who has been exploiting the breached data for the last four years and to what end."

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

NSA releases guidance on voice and video communications security
Voice over Internet Protocol (VoIP)

NSA releases guidance on voice and video communications security

18 Jun 2021
Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Four in five ransomware victims suffer repeat attacks
ransomware

Four in five ransomware victims suffer repeat attacks

16 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021