LinkedIn accounts have always presented temptations to hackers for them to try at any rate to obtain access to those accounts. So it is not surprising at all when it was reported that more than 117 million user login credentials of the social networking site for professionals have been found on sale on the black market.
Security researchers have spotted on a black market maintained by a hacker who likes to call himself or herself Peace the LinkedIn user credentials being sold for five Bitcoins, equivalent to approximately $2,280. If you recall from recent memory, LinkedIn was also hacked in 2012, which resulted in the compromise of more than six million user login details.
According to the researchers that discovered the latest LinkedIn breach, data compromised included usernames, email addresses and passwords hashed in SHA1. Overall, there are a total of 167 million accounts being advertised as for sale. The sold data were reportedly stolen by operators of LeakedSource, a data and breach search service. Other security pundits and experts could confirm the legitimacy of the data sold on the black market.
Although LinkedIn nullified the passwords of the breach victims in 2012, the password reset effort seemed futile because the number of compromised accounts shot up from 6 million by the time of the data breach to 117 million at present. The big deal about the breach is that the email addresses and passwords involved are still valid, and so they guarantee sure profit.
Considering that the treasure trove of data belongs to professionals, it would even more attract the interest of bad actors that are after personally identifiable information for business. As a countermeasure, LinkedIn asked its users to change their passwords at once as the company works to invalidate the passwords of the compromised accounts. The social networking site is also certain that the latest breach has not been a result of a new breach, but that it is indeed related to the 2012 data hack.
What we can take as a lesson from this data breach is that despite efforts in the past couple of years to hash and salt passwords in LinkedIn’s database, the security and safety of users have not been completely protected at all.
The company now calls on users to turn on the two-factor authentication security feature of their accounts in order to beef up security. The breach highlights the need to set two step verification as the default setting, instead of being a mere option.