A hack of the business social network LinkedIn which was done back in 2012 is still causing problems. The company announced that new data from the hack has been released today and it contains account details and emails for around 100 million of its members. The company also said they were working to try and validate the account details that have been released so that they can notify all the users that are affected by the hack.
The hack which happened back in 2012, saw hackers steal more than 6.5 million encrypted passwords. The hackers then posted the information they had on a Russian hacker forum. Most of the passwords were immediately cracked and released to the world because of how they had been stored in the data dump.
Fast forward four years later, a new report shows that a hacker named “Peace” has been actively working on selling the information of 117 million LinkedIn users on the dark web marketplace. He is selling the information for $2,200 and he prefers being paid in Bitcoin. The data set that “Peace” has at the moment has around 167 million user account details but only 117 million have both emails and their corresponding encrypted passwords.
Since the data set is the same as that of 2012, the passwords are easily cracked and can be seen. Reports say that 90 percent of the passwords had already been cracked in 72 hours. Some of the victims were also using the same password as four years ago, according to the report.
Whether the current LinkedIn users should be concerned can be answered by three main questions. Did you have an account during the 2012 breach? Have you changed your password since? Has that password been used on other sites?
If yes to any of the questions above or if you are not sure about any of them it’s best to change your password and remove any doubt. It is also advisable to change the password for all sites you might have used the same one as that of 2012.
Linked in a statement said that after the 2012 event they had taken moves and steps to prevent the hack again. The company said that they had put in strong encryption methods, some email challenges, and a two-factor authentication system. They noted that the hack had been from 2012 and if there were any email and password combinations noted there was nothing much they could do to help the people affected.