‘LinkedIn hack of 2012 affects many more accounts than previously assumed’
A hacker is offering the passwords and usernames of 117 million LinkedIn users for the price of five bitcoins. The data is said to come from the hack on LinkedIn in 2012. At the time, it was revealed that 6.5 million password hashes had been stolen.
Motherboard reports that the hacker goes by the name ‘Peace’ and that the data is being offered via the site The Real Deal for a price equivalent to 2020 euros. The set is said to cover 167 million accounts, 117 million of which include a combination of username and password. The passwords are hashed only with the outdated SHA-1 algorithm and are not salted, making them fairly easy to recover.
The website Leakedsource, which also claims to be in possession of the data, says it was able to crack 90 percent of the passwords within 72 hours. It has not yet been fully established whether the data actually concerns the login details of 117 million LinkedIn users. So far, only three victims have been identified by Motherboard together with security researcher Troy Hunt. The victims confirmed that they were indeed using the password and username combination found in the database at the time of the hack.
Troy Hunt is the one behind the ‘have I been pwned’ site, where users can check if their data has been leaked in a hack. Hunt said via Twitter that he is still verifying the data, but that it is ‘very likely’ that it is actually LinkedIn data. Hunt does not have the entire database yet, but is currently investigating a small part.
LinkedIn has not made any announcement yet, but one is expected. A company spokesperson told Motherboard that it’s not clear how much data was stolen in 2012, and that it could be more than the 6.5 million confirmed at the time.
Sales ad of the data, image via Motherboard