2012 LinkedIn Breach Just Got a Lot Worse: 117 Million New Logins For Sale


RV_

For those who use LinkedIn for professional profiles, your login credentials are likely available to the criminals. If you are one of the many who uses the same password everywhere, they will have the keys to your kingdom.

Excerpt:

"Over 117 million LinkedIn user logins are for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). The breach is tied to an earlier hack on LinkedIn in 2012, when the company originally said 6.5 million accounts had been compromised.

 

The hacker, identified as Peace, claims the data includes user IDs, email addresses and hashed passwords (SHA1) for LinkedIn users. Peace is advertising the sale of LinkedIn data for 167 million accounts. A second source that includes the data and breach search service called LeakedSource claims it’s familiar with the data and said 117 million of the records for sale by Peace include email address and unsalted SHA1 hashed passwords.

The publication Motherboard is reporting that operators of LeakedSource were able to crack “90 percent of the passwords in 72 hours” or 117 million accounts. Noted security researcher Troy Hunt, via his Twitter account said he has seen and verified authenticity of portions of the username and passwords adding “It’s highly likely to be legit” data.

 

At the time of the initial 2012 breach LinkedIn said it invalidated the passwords of “all affected users,” which at the time the company said was 6 million accounts out of 140 million.

 

“Unfortunately, it would seem that password reset fell short of what we now know to be over a hundred million accounts,” said Tod Beardsley, security research manager at Rapid7.

 

Beardsley and other security firms say the cache of compromised 4-year-old account passwords may have limited worth among hackers, and the real value is with a treasure trove of valid user email addresses. “The most valuable data in the LinkedIn compromise may not be the passwords at all, but the enormous registry of email addresses connected to working professionals,” Beardsley said."

 

The whole article is here with more details: https://threatpost.com/2012-linkedin-breach-just-got-a-lot-worse-117-million-new-logins-for-sale/118173/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

YW Jim,

If you changed your passwords in the last 4 years you're fine unless you used the LinkedIn PW for other accounts since. I'm glad I've avoided all the social and professional websites. But our credit cards were compromised from bank hacks. All we can do is make the changes and move on. I try to keep friends informed on the ones we might be targets for.

RV/Derek

I appreciate your pulling together info on things, Derek. You seem to have a good ability to sift thru media sources, and bring out that which is useful & interesting... especially Space Program news! I generally don't do social media, but LinkedIn was useful back in my IT working days and I am still coasting on that entry. And to please our kids... I/we find a 'passive' Facebook account useful on occasion!

I have a Password Manager that I use for maintaining 'good' passwords so changing is not all that big of a deal. Hope all is well back in Haughton. Thanks.

Jim

2007 Dolphin

  • Safe-T-Plus Steering Bar


Thanks Jim, my pleasure.

All is well as anyone can be. When you are back in the area I think you will like how we did the new house. We have the structure and inside done and are loving it. We can't get a backhoe in for the drainage and to do the final finish grade around the dirt pad. Stop by when you are in the area. I haven't used a PW manager yet but am getting a Round Tuit as soon as I can.

RV/Derek

Swharton, here is today's news about the breach:

LinkedIn Slams Breach Data Reseller With Cease and Desist Order

 

LinkedIn is striking back against a website attempting to monetize the 117 million usernames and passwords stolen from the company as part of a 2012 data breach. Website LeakedSource is reporting lawyers representing LinkedIn have served the company a cease and desist order on Wednesday alleging the company is in violation of California’s Computer Fraud and Abuse Act because it is “illegally copying and displaying LinkedIn members’ information” without their consent.

Earlier this week, over 117 million LinkedIn user logins went up for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). LeakedSource, which is selling access to the data via a subscription model, claimed it is in the possession of 117 million of the LinkedIn account records that include email address and unsalted SHA-1 hashed passwords.

https://threatpost.com/linkedin-slams-breach-data-reseller-with-cease-and-desist-order/118213/

RV/Derek

I just saw an article where LinkedIn is telling their customers to change passwords. This happened 4 years ago, why have they delayed telling their customers about the breach? Several of my sensitive sites force me to change my password every 6 months. I have a love/hate with this policy, especially since they don't allow me to reuse a password that I used in xx months/years.


S Wharton,

I think you missed the main newsworthy part. The breach was four years ago, but the criminal market just put the data up for sale in the last week or three. Originally LinkedIn said the breach involved only 6 million accounts, but now they see over 100k accounts' info for sale on the black market. So with the email addresses and an old password, they can likely use them on other websites where users only used one password for all their websites, then only changed LinkedIn. Read the links.

RV/Derek