167 million LinkedIn accounts for sale on dark market, linked to 2012 breach

Shawn Knight

Posts: 12,698   +124
Staff member

A collection of 167 million LinkedIn accounts is up for sale on a dark market website. The asking price? A mere five Bitcoins, or roughly $2,200.

The data dump was recently posted on TheRealDeal and reportedly contains user IDs, e-mail addresses and SHA1 password hashes for 167,370,940 users. Renowned security researcher Troy Hunt, who manages a site that lets people know if their data has been stolen, told Computerworld he has seen a subset of the data and verified that it’s legitimate.

While 167 million is a number that’s certainly enough to make LinkedIn’s day pretty crummy, it doesn’t represent the site’s entire database. On its website, LinkedIn says it has more than 433 million registered users.

LinkedIn was the victim of a security breach in 2012 in which 6.5 million accounts were stolen and posted online. Administrators from data leak indexing website LeakedSource, who also claims to have a copy of the fresh data set, believe the accounts in question originate from the 2012 breach.

Of the 167 million accounts currently up for sale, LeakedSource says only 117 million have passwords attached to them which suggests the remaining users may have registered for LinkedIn through Facebook or some other outside service.

If this data is indeed four years old, the 2012 breach was far more widespread than initially thought. It’s unclear why the hacker(s) would have sat on such a large subset of data for so long before putting it up for sale.

Existing LinkedIn users are encouraged to change their passwords immediately. It’s also advisable to enable the site’s two-factor authentication and change passwords on other sites in which users might have recycled old passwords on.

Lead image courtesy Twin Design, Shutterstock

Permalink to story.



Posts: 661   +299
TechSpot Elite
I changed all my passwords in October :)
I wouldn't say I'm particularly security concerned compared to others but I don't use the same password for anything.


Posts: 90   +74
Better off to dump the account altogether. Hoffman (founder) is an amnesty supporter, which could mean the loss of many jobs by account holders to foreign workers (Lots of if there, but the blatant support for cheap labour by Hoffman is apparent from his twitter feed and FWD.com, which he is a founder: 3) A path to citizenship for current and prospective immigrants to the United States, including those who are present in the United States illegally.).

Hard to trust a billionaire who is holding your data but pushing for cheap labour through ignoring the laws of the country that gave him the environment in which to be the success he is.