LinkedIn passwords for 117 million users 'up for sale'

A hacker claiming to have passwords belonging to 117 million LinkedIn users is advertising the data for sale online.

The extensive list of users' security details is thought to have been sourced from a cyber-attack on the business networking site in 2012.

According to the news site Motherboard, a hacker called "Peace" is selling the data on The Real Deal, a dark web illegal marketplace, for five bitcoins (£1,500).

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Four years ago LinkedIn admitted to a security breach but said only 6.5 million users' account details were posted online.

The site now says the number of users affected was far greater than initially thought and they are urging anyone affected to reset their passwords.

"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012," the company's chief information security officer Cory Scott wrote in a blog post.

"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach."

For LinkedIn, the lesson is the same as four years ago: "don't store passwords in an insecure way", says Motherboard.

As for LinkedIn users, if you haven't already changed your password since the cyber-attack four years ago, "change it again", says the website, "especially if you use it on other services (and please stop reusing passwords)".

News of the breach is the latest in a long line of cyber-attacks on major websites and companies, with telecoms firm TalkTalk and parental forum Mumsnet among those who have fallen victim to security breaches in the last year.