New details emerge regarding 2012 data breach
Four years after the breach, a hacker nicknamed “Peace” is offering for sale a database of 167 million email addresses and hashed passwords, including 117 million already cracked passwords. The passwords were encrypted with the SHA1 algorithm, however they were not salted. (A salt is an extra piece of data which makes it more difficult to crack easy passwords like “123456”.) Because the passwords were not salted, it took only 72 hours to crack 90% of the passwords.
"117 million already cracked passwords"
Troy Hunt, the independent researcher who runs the “Have I Been Pwned?” website, has reached out to victims to confirm that the leaked info is real. A LinkedIn spokesperson has said that the company is investigating.
Along with the massive data breach earlier this month, which covered credentials from Gmail, Yahoo and more, an insane number of account credentials have hit the net. It may be impossible to tell how accurate or recent the account details are, but I feel it safer to assume we’ve all been hit. Be sure to change your passwords often, and try not to recycle passwords between services.