LinkedIn hack: Details of more than 100 million users made available for sale on the internet
The site says that it has 400 million users – and data on 117 million of them appears to be part of the huge leak
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The logins of many LinkedIn users have been stolen and appear to be for sale to anyone who wants to buy them.
The list contains the personal data of more than 100 million users – a large portion of LinkedIn’s accounts – and is now being made for sale online.
A hacker, who goes by the name "Peace," was trying to sell the passwords on the dark web for 5 bitcoin, or about $2,200, according to a Forbes report.
The network said that it believes the hacker's claim that he stole 117 million emails and passwords of users. It had said in 2012, when the passwords were stolen, that only 6.5 million passwords had been taken, though it had advised all of its users to change their passwords.
California-based LinkedIn, which says it has 400 million members in 200 countries and territories around the world, emphasized that there's no indication of a new data breach.
The company said it's working to determine just how many of the passwords in question are still being used and is in the process of resetting them and notifying the users in question.
"In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members' passwords,” said LinkedIn’s chief security officer Cory Scott. “At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorised disclosure," he said.
"Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012."
Mr Scott added that the company was now taking action to secure the affected accounts.
He said: "We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords."
News of the breach is the latest in a long line of cyber attacks on major websites and companies, with telecoms firm TalkTalk and parental forum site Mumsnet among those who have been the victims of security breaches in the last year.
Most security experts advise everyone to change their passwords every so often. That means that if passwords are compromised and then made available later on, they are likely to have expired anyway.
Additional reporting by agencies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments