![]() Regarding the additional data reported from the same breach, Scott said the company has started invalidating the passwords for all LinkedIn accounts created before 2012 that haven’t changed passwords since the breach. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication.” LinkedIn’s Chief Information Security Officer Cory Scott said, “We take the safety and security of our members’ accounts seriously. His respondents verified that the passwords in the breach were the ones that they were using at the time of the initial breach.Īn official statement from LinkedIn said it is aware of the situation, and its immediate response included a mandatory reset of accounts believed to be compromised. Troy Hunt, researcher from the breach notification site Have I Been Pwned? contacted victims of the data breach. Shared samples of the database was shared to Motherboard by LeakedSource and showed that the database comprised of email addresses, passwords, and the hacked passwords. Both Peace and LeackedSource claim that the database contains 167 million accounts with 117 cracked passwords, and not just 6.5 million, as was previously reported. Paid hacked data search engine LeakedSource also claims that they too have the data. Now, a hacker named “Peace” is selling the stolen database for 5 bitcoin, or close to 2,200 USD. It was later discovered that 6.5 million account credentials were posted on a Russian password forum for the world to see. In 2012, Linkedin suffered a data breach where hackers were found to have stolen password hashes. That data included full names, email addresses, phone numbers, and location information.Long time users of Linkedin users may very well need to change their passwords once more as a cybercriminal puts the email addresses and passwords of 117 million users up for sale. People can see if they have been impacted by the data incident by visiting websites like Have I Been Pwned (HIBP), which list major data breaches.Įarlier this week, a security researcher revealed that data from over half a billion Facebook users was scraped and put online. For instance, hackers could use data like email addresses and phone numbers to conduct more convincing phishing attacks, in which they send people bogus emails that look real but contain links to malicious websites. “When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.”Īlthough the scraped LinkedIn data set doesn’t include sensitive information like credit card information or Social Security numbers, it does include data that could help bad actors perform other sophisticated hacking attempts. ![]() “Any misuse of our members’ data, such as scraping, violates LinkedIn terms of service,” LinkedIn said in a statement. Instead, the bad actors scraped the data from LinkedIn’s public-facing service, similar to a recent cybersecurity incident at Facebook. The service, owned by Microsoft, said that it did not suffer a data breach involving hackers penetrating the company’s internal databases to siphon information. LinkedIn said in a statement that while the scraped data set contains some “publicly viewable member profile data,” it is “actually an aggregation of data from a number of websites and companies,” meaning that bad actors created the data set with information from multiple services. It’s unclear how old the data is, however, and how the bad actors obtained it. The trove of scraped LinkedIn data includes user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data, according to security news and research group CyberNews.ĬyberNews analysts discovered the scraped data set on an online forum for hackers and were able to verify that the data was associated with LinkedIn user accounts. Data from over 500 million LinkedIn users is being sold online to hackers, marking the second major cybersecurity incident to be revealed in the past week, following news of a similar occurrence involving Facebook. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |