Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

Tech

Report: Hacker puts data from 167 million LinkedIn accounts up for sale

Digital Trends
Published | Updated
d3e7d153-USA

File photo - The logo for LinkedIn Corporation, a social networking website for people in professional occupations, is pictured in Mountain View, California Feb. 6, 2013. (REUTERS/Robert Galbraith)

A hacker is attempting to sell a package containing account records for 167 million LinkedIn users. The data set reportedly contains user IDs, email addresses and SHA1 password hashes -- and the asking price is a measly five bitcoins, which roughly converts to about $2,200 based on current market rates.

The sale is being advertised through a dark market website known as TheRealDeal, according to a report from MacWorld. The listing confirms that the package doesn't contain the entire LinkedIn userbase, which is more than double the 167 million entries being advertised.

It's believed that this data was stolen during a major breach of LinkedIn's security that took place in 2012. At the time, only 6.5 million passwords were released to the internet, but the administrators of security breach indexer LeakedSource have stated in a blog post that there's evidence that this sale is using records accessed in that attack.

More from Digital Trends:

Your skull has a unique 'fingerprint', and SkullConduct lets you use it as a password

Hack shows government and military employees used their email addresses on hardcore fetish site

Third-party Minecraft community lost 7 million user passwords, and didn't inform users

A data breach in London left 15,000 new and expectant parents' info compromised

Of the 167 million accounts affected, some 117 million contain hashed passwords; the rest are thought to have been set up via a Facebook login, or another similar process. However, the protection applied to these passwords leaves a lot to be desired.

The passwords were hashed using the SHA1 function, which has long since been cracked and is no longer considered to be secure. The data was not salted, adding to the likelihood that whoever purchases the package will be able to decrypt the information, and potentially access the affected accounts.

If you haven't changed your LinkedIn password in several years, now is the time to do so -- and it might be worth enabling the site's two-factor authentication process while you're at it. Of course, if you use the same email address and password combination across several sites and services, you'll need to make the change across the board.