Quite literally, every day someone gets hacked. Whether that’s a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another.
In our series Another Day, Another Hack, we do short posts giving you what you need to know about the hack, so you can figure out whether your bank account, website logins or anything else might be at risk. Because, even if the hack might not be the most sophisticated, real people are still getting fucked over somewhere, and should know about it.
A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users.
The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach.
Turns out it was much worse than anybody thought.
Peace is selling the data on the illegal dark web marketplace The Real Deal for 5 bitcoin (around $2,200). The paid hacked data search engine LeakedSource also claims to have obtained the data. Both Peace and one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.
“It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread,” one of the people behind LeakedSource told me. “To my knowledge the database was kept within a small group of Russians.”
LeakedSource, May 17th, 2016 (updated May 19th, 2016)
LinkedIn.com was hacked in June 2012, and a copy of data for 167,370,910 accounts, which contained only emails and passwords, has been obtained by LeakedSource.
LeakedSource has been online for mere months. We’ve accumulated hundreds of databases, not through a miraculously successful spate of hacking attempts, but by scouring the internet and dark web for data. Some of what we find is very new, some is fairly old. We’re scavengers, not hackers — we don’t get to pick and choose. You can search for yourself in the hacked LinkedIn.com database and many others on our main site. If you are in this database, contact us and we will remove you from our copy for free.
Anyone may use the information on this page for free in any capacity provided LeakedSource is given credit and a link back.
Passwords were stored in SHA1 with no salting. This is not what internet standards propose. Only 117m accounts have passwords and we suspect the remaining users registered using Facebook or something similar.
The following table is the top passwords used.