May 19, 2016 by

117 Million LinkedIn User Credentials up for Sale

A hacker who goes by the moniker “Peace” is trying to sell LinkedIn account information of some 117 million users, including emails and passwords, on an illegal dark web marketplace.

Motherboard has revealed that the emails and passwords of 117 million LinkedIn users are now up for sale, after breach which occurred in 2012. At the time, LinkedIn did not clarify how many users were a part of the breach and only 6.5 million encrypted passwords were posted on the internet.

However, a hacker named “Peace” has told the publication that the data trove of over 100 million LinkedIn user credentials are being sold on an illegal marketplace called “The Real Deal.” The asking price? 5 bitcoins, or about $2,200 in current exchange rates.

Related article: The Rise of LinkedIn Fraud (And How to Avoid Being a Victim)

Paid hacked data search engine LeakedSource is also claiming to have obtained the data, as well. An administrator at LeakedSource and the hacker known as Peace have both revealed the actual total of the hacked LinkedIn database, a staggering 167 million accounts. Among the entire lot, nearly 117 million accounts have both emails and encrypted passwords.

Speaking to Motherboard, a person from LeakedSource stated:

It is only coming to the surface now. People may not have taken it seriously back then as it was not spread. To my knowledge, the database was kept within a small group of Russians.

To back up the claim, LeakedSource even provided the publication with a sample of nearly one million credentials. This batch contained email addresses, hashed passwords and the subsequent hacked passwords.

LinkedIn confirmed the leak in a blog post soon after. It read:

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012.

We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Czech Court Rules LinkedIn Hacker can be Extradited to U.S or Russia

In October 2016, a Russian-born hacker was arrested in Prague in a law enforcement effort...

Read more arrow_forward

Breach Database Website LeakedSource Busted by Feds

LeakedSource, a breach notification website that also sold database access to over 3 billion hacked...

Read more arrow_forward

US and Russia ask Czechs to Extradite Alleged Russian Hacker

The alleged Russian hacker behind the breach of some major social media organizations' networks...

Read more arrow_forward