A hacker is advertising what they claim is more than one hundred million LinkedIn logins for sale, forcing the social network to reset accounts.
The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number.
At the time, the business-focused social network said it had reset the accounts of those it thought had been compromised. LinkedIn now plans to repeat the measure on a much larger scale.
The hacker, known as Peace, is selling the data on the dark web illegal marketplace, The Real Deal, for 5 bitcoin (around $2,200).
Hacked data search engine, LeakedSource, also claims to have obtained the data.
Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. Of those, around 117 million have both emails and encrypted passwords.
LinkedIn is often used to send work-related messages and to find career opportunities – activities its members would want to stay private.
Criminals could make use of this information or see if its subscribers had used the same passwords elsewhere.
Has the data already been mined?
Toni Gidwani, director of analysis at ThreatConnect Inc, said: “What we are likely seeing here is the long tail of the 2012 LinkedIn breach. The good news is that basic security practices, such a not reusing passwords across different sites and leveraging two-factor authentication whenever possible – are an effective way to both prevent unauthorized access to your accounts and to limit the possible contagion when breaches occur.
“The long lag time between the breach and passwords now appearing for sale suggests the data has already been mined for other nefarious purposes. LinkedIn, with its rich context of professional networks, is a gold mine for adversaries looking to social engineer targets for future attacks. Which are you more likely to open: an email from a Nigerian prince? Or a link in an article sent by someone you’ve worked with for years? Four years after the fact, the breached data set still has some nominal monetary value, which is why it’s for sale for only a handful of bitcoin. But the trickier question is figuring out who has been exploiting the breached data for the last four years and to what end.”
“Change your password now”
Simon Crosby, CTO and co-founder at Bromium, added: “LinkedIn has had an awful record of securing their service, and this appears to be another confirmation that they operate without due care for the valuable information they curate. I recommend that users be very cautious of using the service because attackers will use compromised accounts to launch other attacks. Change your password now.”