LinkedIn hack: Details of more than 100 million users made available for sale on the internet

The site says that it has 400 million users – and data on 117 million of them appears to be part of the huge leak

Andrew Griffin
Thursday 19 May 2016 14:20

The logins of many LinkedIn users have been stolen and appear to be for sale to anyone who wants to buy them.

The list contains the personal data of more than 100 million users – a large portion of LinkedIn’s accounts – and is now being made for sale online.

A hacker, who goes by the name "Peace," was trying to sell the passwords on the dark web for 5 bitcoin, or about $2,200, according to a Forbes report.

The network said that it believes the hacker's claim that he stole 117 million emails and passwords of users. It had said in 2012, when the passwords were stolen, that only 6.5 million passwords had been taken, though it had advised all of its users to change their passwords.

California-based LinkedIn, which says it has 400 million members in 200 countries and territories around the world, emphasized that there's no indication of a new data breach.

The company said it's working to determine just how many of the passwords in question are still being used and is in the process of resetting them and notifying the users in question.

"In 2012, LinkedIn was the victim of an unauthorised access and disclosure of some members' passwords,” said LinkedIn’s chief security officer Cory Scott. “At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorised disclosure," he said.

"Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.

"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012."

Mr Scott added that the company was now taking action to secure the affected accounts.

He said: "We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords."

News of the breach is the latest in a long line of cyber attacks on major websites and companies, with telecoms firm TalkTalk and parental forum site Mumsnet among those who have been the victims of security breaches in the last year.

Most security experts advise everyone to change their passwords every so often. That means that if passwords are compromised and then made available later on, they are likely to have expired anyway.

Additional reporting by agencies

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments