A hacker is selling 167 million LinkedIn user records - kinneytryin1978

A hacker is trying to deal out a database dump containing news report records for 167 million LinkedIn users.

The announcement was posted connected a uncheerful market website named TheRealDeal by a user who wants 5 bitcoins, or close to $2,200, for the data set that purportedly contains user IDs, email addresses and SHA1 password hashes for 167,370,940 users.

Reported to the sale ad, the coldcock does non cover LinkedIn's complete database. So, LinkedIn claims on its website to have ended 433 million registered members.

Iliu James Henry Leigh Hunt, the creator of Have I been pwned?, a website that lets users check if they were affected by known data breaches, thinks that it's extremely likely for the news leak to be rightful. He had access to just about 1 trillion records from the data set.

"I've seen a subset of the information and corroborated that IT's legit," Hunt said via email.

Lucian Constantin

A hacker is selling 167 million stolen LinkedIn account records happening a dark market web site.

LinkedIn suffered a data transgress back in 2012, which resulted in 6.5 million exploiter records and password hashes being posted online. It's highly contingent that the 2012 breach was actually larger than previously thought and that the sleep of the stolen data is surfacing straight off.

LinkedIn did not in real time react to a request for comment.

Attempts to contact the seller unsuccessful, but the administrators of LeakedSource, a data leak indexing website, claim to too have a replicate of the data solidification and they believe that the records do originate from the 2012 LinkedIn breach.

"Passwords were stored in SHA1 with atomic number 102 salting," the LeakedSource administrators same in a blog post. "This is non what cyberspace standards propose. Only 117m accounts have passwords and we suspect the unexpended users registered using FaceBook or some similarity."

Unsurpassable security practices take passwords to be stored in hashed form inside databases. Hashing is a one-way operation that generates unique, verifiable cryptographic representations of a string that are titled hashes.

Hashing is useful for validating passwords, because running a password through the same hashing process should always result in the selfsame hash, allowing its comparing with one previously stored in a database.

Converting a haschisc back into the primary watchword should be impossible, which is why it's safer to store hashes instead of inelaborate text passwords. However, there are hand-me-down hashing functions, such American Samoa MD5 and SHA1, that are vulnerable to various cracking techniques and should no longer be misused.

When the 6.5 million LinkedIn password hashes were leaked in 2012, hackers managed to crack over 60 percent of them. The same thing is likely true for the new 117 million hashes, then they cannot be considered harmless.

Worse still, it's very likely that many LinkedIn users that were affected by this leak haven't changed their passwords since 2012. Hunt was able to swear that for leastwise unmatchable HIBP subscriber whose email treat and password hash was in the new information set that is now up for sale.

More people unnatural by this infract are also likely to have reused their passwords in doubled places on the Web, Holman Hunt same via netmail.

LinkedIn users who haven't metamorphic their passwords in a age, are informed to do so As shortly as possible. Turning happening LinkedIn's deuce-step verification is likewise recommended. If the LinkedIn password has been used on other websites, it should exist changed thither also.

Source: https://www.pcworld.com/article/414888/a-hacker-is-selling-167-million-linkedin-user-records.html

Posted by: kinneytryin1978.blogspot.com

Share this post