In 2012, LinkedIn was hacked by a Russian hacker, who exposed the login details and encrypted passwords of more than six million users on the Internet. Now, four years later, the professional social network has announced on its blog that another data set containing email and passwords of more than 117 million users have now been released. LinkedIn is also working on validating these accounts and has a precautionary measure; it has contacted the affected users to reset their passwords. Also Read - Personal data of almost 500 mn LinkedIn users for sale online, Co deny breachAlso Read - LinkedIn being used by hackers to dupe people with fake job offers
As the passwords were encrypted with SHA1 algorithm and not salted (a security technique to make it difficult to decrypt), the paid search engine for hacked data, LeakedSource, just took about 72 hours to crack more than 90 percent of these passwords. They have also released a list of most commonly hacked passwords found in the dataset. Some of these include 123456, qwerty, sunshine, 654321, 111111, linkedin and password among others. Also Read - LinkedIn creator mode and Story Cover: Here's how to use
Now a hacker going by nickname Peace has put on sale, the data of around 167 million accounts, Motherboard reports. Out of these, it contains already cracked emails and encrypted passwords of 117 million users. The data is available for 5 Bitcoins (roughly $2,200 or Rs 145,500 approximately) on Dark Web marketplace, The Real Deal.
It goes without saying that these passwords are poor choices for online accounts. To help generate more complex and lengthy passwords, security experts recommend using a password manager. They also recommend using two-factor authentication and to not use the same password across multiple sites.