If you had a LinkedIn account in 2012 or earlier, make sure you’ve changed your password.
The social site on Thursday confirmed a report that some 117 million email addresses and passwords to LinkedIn accounts have made their way to hacker websites following a hack attack in 2012.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” LinkedIn’s chief information security officer, Cory Scott, said in a blog post.
According to Motherboard, a hacker by the name of “Peace” has been shopping the account details on a darkweb site called The Real Deal, offering to sell them for five bitcoin, or about C$2,967.
Another darkweb site, LeakedSource, told Motherboard it also obtained the data. There are 167 million entries in the data, but only 117 million of them have both a username and password, LeakedSource said.
The leaked data come from a 2012 hack on LinkedIn, which at the time exposed 6.5 million user passwords.
At the time, tech experts criticized LinkedIn for how it stored passwords: they were hashed, but without “salt,” or additional meaningless letters and numbers designed to make the passwords harder to crack. Hackers at darkweb site LeakedSource say they were able to crack 90 per cent of the passwords within 72 hours.
LinkedIn says it has improved its password security since the 2012 hack.
“For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication,” Scott said on the LinkedIn blog.
“We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.”
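To show what separates the unsalted storage criticized in 2012 from the “hashed and salted” storage Scott describes, here is an added example; it is not from the article or from LinkedIn's code. The accounts are constructed, and the choice of SHA-1, PBKDF2-HMAC-SHA256 and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two users share one password.
ACCOUNTS = {
    "alice@example.com": "linkedin2012",
    "bob@example.com": "linkedin2012",
    "carol@example.com": "correct horse battery",
}
ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def unsalted_hash(password):
    """Weak scheme: one fast hash, no salt (SHA-1 is an assumption here)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Hardened scheme: per-user random salt plus a slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def shared_digests(table):
    """Group accounts by stored digest; a group larger than one means
    a single recovered password exposes every account in it."""
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


weak_table = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
strong_records = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
strong_table = {u: digest for u, (_salt, digest) in strong_records.items()}

if __name__ == "__main__":
    print("unsalted, shared digests:", shared_digests(weak_table))
    print("salted, shared digests:  ", shared_digests(strong_table))
```

Without a salt, the two accounts with the same password store the same digest, so the work of recovering one password is shared across every account that uses it; with a per-user salt, no two stored digests match and each must be attacked separately at the cost of the slow function.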