5.25.2016

Are You LinkedIn?

New details emerge regarding 2012 data breach


Back in 2012, LinkedIn suffered a massive data breach that included login details and hashed passwords for 6 million user accounts. The most recent reports now say that the 2012 breach has resulted in the online sale of email addresses and passwords of about 117 million LinkedIn users.

Four years after the breach, a hacker nicknamed “Peace” is offering for sale a database of 167 million email addresses and hashed passwords, including 117 million already-cracked passwords. The passwords were hashed with the SHA1 algorithm, but they were not salted. (A salt is an extra piece of data, added to each password before it is hashed, which makes it more difficult to crack easy passwords like “123456”.) Because the passwords were not salted, it took only 72 hours to crack 90% of the passwords.
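To make the salting point concrete, here is an added example (not code from LinkedIn or from the original post) that stores the same passwords two ways and counts how many accounts end up with a stored value identical to another account's. The account list, function names and PBKDF2 iteration count are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from any leaked data).
ACCOUNTS = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "123456"),
    ("carol@example.com", "correct horse battery staple"),
    ("dave@example.com", "123456"),
]

def store_unsalted_sha1(password):
    """Weak scheme described in the article: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_salted(password, iterations=600_000):
    """Hardened form: random per-user salt plus a deliberately slow KDF.
    The iteration count is an assumption for this example."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def accounts_sharing_a_hash(stored):
    """Number of accounts whose stored value equals another account's."""
    counts = Counter(stored)
    return sum(n for n in counts.values() if n > 1)

def exposure():
    """Return (unsalted, salted) counts of accounts sharing a stored value."""
    unsalted = [store_unsalted_sha1(p) for _, p in ACCOUNTS]
    salted = [store_salted(p)[2] for _, p in ACCOUNTS]
    return accounts_sharing_a_hash(unsalted), accounts_sharing_a_hash(salted)

if __name__ == "__main__":
    print("accounts sharing a stored hash (unsalted, salted):", exposure())
```

Without a salt, the three accounts using “123456” store the same value, so recovering it once recovers all three; with a per-user salt, every stored value is different and each must be worked on separately.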

Troy Hunt, the independent researcher who runs the “Have I Been Pwned?” website, has reached out to victims to confirm that the leaked info is real. A LinkedIn spokesperson has said that the company is investigating.

Along with the massive data breach earlier this month, which covered credentials from Gmail, Yahoo and more, an insane number of account credentials have hit the net. It may be impossible to tell how accurate or recent the account details are, but I feel it safer to assume we’ve all been hit. Be sure to change your passwords often, and try not to recycle passwords between services.