Data stolen from LinkedIn in a data breach back in 2012 has surfaced online. A criminal hacker is now selling the data for 5 BTC (roughly $2200).
Around the time of the breach in 2012, roughly 6.5 million encrypted passwords were posted online, but it appears that much more data was stolen (117 million email addresses and passwords).
LeakedSource, a search engine that holds a copy of the data, told Motherboard: “It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread […] To my knowledge the database was kept within a small group of Russians.”
Passwords broken in 72 hours
Leakedsource.com, a site holding the data, told Motherboard that they had cracked “90% of the passwords in 72 hours”. Troy Hunt, the well-respected owner of the ever-useful site haveibeenpwned.com, got in touch with a few victims of the data breach, who confirmed the passwords Troy had were the passwords they’d been using at the time of the breach.
Weak passwords – 20 most popular passwords from breach
The passwords that were cracked have been listed on leakedsource.com, and it’s not surprising how weak some of these are:
They could have at least correctly capitalised ‘linkedin’.
Trends and traits of data breaches
To help you understand the trends and traits of data breaches, what they are, how and why they occur, and what you can do to avoid suffering a similar fate, take a look at our book of the month: Managing Information Security Breaches – Studies from real life by Michael Krausz.
This thought-provoking guide details how breaches can be treated and the direction you should take if you’ve been affected.
More to come
The story of this data will continue to develop over the next few days. For now, I recommend signing up to our Daily Sentinel to ensure you don’t miss out on any updates.