It's not over yet! LinkedIn announced that more than 100 million login credentials have suddenly appeared on the dark web. The credentials are believed to be from a 2012 data breach. Some media websites have reported that the number of credentials for sale could be as high as 167 million.
LinkedIn said in a statement, “Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations…from that same theft in 2012. We have no indication that this is as a result of a new security breach.” LinkedIn declared it was taking “immediate steps” to invalidate the passwords of the affected accounts and contacting those members to reset their passwords.
A Russian hacker who goes by the name of “Peace” is offering 117 million email and password combinations on a hacker website. Motherboard.vice.com said it has obtained a sample of about one million credentials from Leak Source, a paid search engine for hacked data. Leak Source claims to have 167 million of the leaked login credentials. According to Motherboard.vice.com, the asking price for the data is five Bitcoins, or about $2,300.
LinkedIn took action by resetting user names and passwords of members who joined the networking site prior to 2012 and who failed to change their passwords since the last breach. LinkedIn added, “We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.”
LinkedIn users, here are the steps you should take immediately to protect your account.
- Immediately change your password. Make sure you use a passphrase containing at least 12 characters. Mix ’em up! Use numbers, letters and special characters. Check your password strength here.
- Enable two-factor authentication. Learn that here.
- Never, ever use the same password on different accounts (email, social networks, etc.)! If you do, change them all NOW! This ensures hackers can’t access your other accounts.