One hundred million LinkedIn logins for sale

CIOL Writers
Did you just read the headline and think, what? Are you kidding? No. An advertisement by a hacker claims that he has more than one hundred million LinkedIn logins for sale.

Four years ago, a fraction of the reported number of LinkedIn IDs were stolen. At the time, the business networking website reset the stolen accounts for their respective owners. It is now doing the same, but for a much higher number of accounts.

After the breach, a file was uploaded to an online forum in Russia. The file consisted of 6.5 million encrypted passwords. LinkedIn informed the affected users by e-mail that new passwords needed to be registered for their accounts. LinkedIn said it had invalidated all the compromised accounts. Even so, Motherboard found one user whose listed password was still active, although his details were among those on sale on hacking-related websites. “It is highly likely that the leak is real”, says a security researcher with access to around one million of the marketed LinkedIn IDs.

LinkedIn, which is used to network privately for business and job opportunities, should have reset all its accounts earlier, one expert said.

Criminals can misuse the information about LinkedIn subscribers’ passwords, particularly where the same passwords are used on other sites.

A spokesperson told the BBC, “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is a result of a new security breach. We encourage our members to visit our safety centre to ensure they have two-step verification authentication and to use strong passwords in order to keep their accounts as safe as possible."

Story of the Invalidated IDs

Troy Hunt told the BBC, “I've personally verified the data with multiple subscribers. They've looked at the passwords in the dump and confirmed they're legitimate."

Another expert pointed out that the problem arose because LinkedIn had “hashed” but not “salted” its passwords before storing them. In hashing, an algorithm converts a password into a long string of digits. Salting adds random data to each password before it is hashed, which makes it much harder for unauthorised parties to reverse the process. Only the accounts created after the breach are more secure, as LinkedIn decided to bring in salting after the leak. However, experts say that salting is absolutely best practice for storing passwords under any circumstances, and that this was the case back in 2012 as well.
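The difference between hashed-only and salted storage, as an added example that is not from the article or from LinkedIn. The account names and passwords are constructed, and SHA-1 stands in as an assumed fast hash because the article does not name the algorithm.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); two users share a password.
ACCOUNTS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",
    "carol": "correct horse battery",
}

def unsalted_record(password: str) -> str:
    """Hashed but not salted: equal passwords always give equal hashes (SHA-1 assumed)."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify_salted(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])

def shared_hashes(hashes_by_user: dict) -> int:
    """Count accounts whose stored hash is also stored for another account."""
    counts = Counter(hashes_by_user.values())
    return sum(n for n in counts.values() if n > 1)

def build_tables():
    """Store the same sample accounts under both schemes."""
    unsalted = {u: unsalted_record(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    salted_hashes = {u: r["hash"] for u, r in salted.items()}
    print("unsalted accounts sharing a hash:", shared_hashes(unsalted))
    print("salted accounts sharing a hash:", shared_hashes(salted_hashes))
    print("bob's login still verifies:", verify_salted("linkedin2012", salted["bob"]))
```

In the unsalted table, every account with the same password exposes the same stored value, so one recovered password unlocks all of them; with a per-user salt each record has to be attacked separately.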

The real story of the IDs will always be with LinkedIn; we can just wait and watch!