Another Day, Another Hack: 117 Million LinkedIn Emails And Passwords

MotherBoard

Quite literally, every day someone gets hacked. Whether that’s a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another.

In our series Another Day, Another Hack, we do short posts giving you what you need to know about the hack, so you can figure out whether your bank account, website logins or anything else might be at risk. Because, even if the hack might not be the most sophisticated, real people are still getting fucked over somewhere, and should know about it.

A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users.

The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach.

Turns out it was much worse than anybody thought.

Peace is selling the data on the dark web illegal marketplace The Real Deal for 5 bitcoin (around $2,200). The paid hacked data search engine LeakedSource also claims to have obtained the data. Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.

“It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread,” one of the people behind LeakedSource told me. “To my knowledge the database was kept within a small group of Russians.”

LeakedSource May 17th, 2016 Updated May 19th, 2016

Preface

LinkedIn.com was hacked in June 2012 and a copy of data for 167,370,910 accounts has been obtained by LeakedSource which contained emails only and passwords.

LeakedSource has been online for mere months. We’ve accumulated hundreds of databases, not through a miraculously successful spate of hacking attempts, but by scouring the internet and dark web for data. Some of what we find is very new, some is fairly old. We’re scavengers, not hackers — we don’t get to pick and choose. You can search for yourself in the hacked LinkedIn.com database and many others on our main site. If you are in this database, contact us and we will remove you from our copy for free.

Anyone may use the information on this page for free in any capacity provided LeakedSource is given credit and a link back.

Passwords

Passwords were stored in SHA1 with no salting. This is not what internet standards propose. Only 117m accounts have passwords and we suspect the remaining users registered using FaceBook or some similarity.

The following table is the top passwords used.

 

Rank Password Frequency
1 123456 753,305
2 linkedin 172,523
3 password 144,458
4 123456789 94,314
5 12345678 63,769
6 111111 57,210
7 1234567 49,652
8 sunshine 39,118
9 qwerty 37,538
10 654321 33,854
11 000000 32,490
12 password1 30,981
13 abc123 30,398
14 charlie 28,049
15 linked 25,334
16 maggie 23,892
17 michael 23,075
18 666666 22,888
19 princess 22,122
20 123123 21,826
21 iloveyou 20,251
22 1234567890 19,575
23 Linkedin1 19,441
24 daniel 19,184
25 bailey 18,805
26 welcome 18,504
27 buster 18,395
28 Passw0rd 18,208
29 baseball 17,858
30 shadow 17,781
31 121212 17,134
32 hannah 17,040
33 monkey 16,958
34 thomas 16,789
35 summer 16,652
36 george 16,620
37 harley 16,275
38 222222 16,165
39 jessica 16,088
40 GINGER 16,040
41 michelle 16,024
42 abcdef 15,938
43 sophie 15,884
44 jordan 15,839
45 freedom 15,793
46 555555 15,664
47 tigger 15,658
48 joshua 15,628
49 pepper 15,610

Advertisements

About chainsoff.

Middle East MEDIA SCOPE, LTD Middle East MEDIA POST, LLC MEMBER@ ADVISORY BOARD, DEFENCE UNLIMITED.COM (CANADA) ASSOCIATE@TheIntelligenceCommunity https://www.revolvermaps.com/?target=enlarge&i=0settggap27&dm=4
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s