A hacker is attempting to sell account information, including emails and passwords, of 117 million LinkedIn users. The hacked data is reportedly from an older breach which affected LinkedIn in 2012. At the time of the hack, only 6.5 million encrypted passwords were posted online. Now, however, the breach appears to be making waves yet again, in a much more widespread and alarming way.
The hacker going by the name of "Peace" told Motherboard that the data was stolen during the 2012 LinkedIn breach, which is now up for sale on the dark web forum The Real Deal for 5 bitcoin (around $2,200, £1,500).
Leaked Source, the paid search engine for hacked data, has also claimed to have gotten their hands on the data. A representative of Leaked Source as well as the hacker, both say that of the 167 million hacked accounts in the database, 117 million have both the emails as well as encrypted passwords.
"It is only coming to the surface now," said the Leaked Source representative. "People may not have taken it very seriously back then as it was not spread. To my knowledge the database was kept within a small group of Russians."
Security researcher Troy Hunt, who runs the website "Have I Been Pwned?" reportedly got in touch with several of the victims of the breach, two of whom confirmed that the passwords he shared with them, were in fact the same as the one they were using as LinkedIn users at the time of the 2012 breach. Motherboard claims to have confirmed the details of a third victim as well.
LinkedIn spokesperson Hani Durzy did not confirm if the data on sale on the dark web was legitimate but said that the firm was currently investigating the matter. However, Durzy did admit that the 6.5 million passwords that were leaked online after the 2012 breach were not necessarily all of the passwords stolen. "We don't know how much was taken," he said.