167 Million LinkedIn Passwords Put on Sale By a Hacker

By -

167 Million LinkedIn Passwords Put on Sale By a Hacker


LinkedIn suffered a massive data breach in which more than 6 Million users accounts login details, including encrypted passwords, were posted online by a Russian hacker.

Now, it turns out that it was not just 6 Million users who got their login details stolen.

Almost after 4 years, a hacker under the nickname "Peace" is offering for sale what he/she claims to be the database of 167 Million emails and hashed passwords, which included 117 Million already cracked passwords, belonging to LinkedIn users.

The hacker, who is selling the stolen data on the illegal Dark Web marketplace "The Real Deal" for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming these logins come from the 2012 data breach.

Since the passwords have been initially encrypted with the SHA1 algorithm, with "no salt," it just took 'LeakedSource', the paid search engine for hacked data, 72 hours to crack roughly 90% of the passwords.

Troy Hunt, an independent researcher who operates "Have I Been Pwned?" site, reached out to a number of the victims who confirmed to Hunt that the leaked credentials were legitimate.

The whole incident proved that LinkedIn stored your passwords in an insecure way and that the company did not make it known exactly how widespread the data breach was at the time.

In response to this incident, a LinkedIn spokesperson informs that the company is investigating the matter.
In 2015, Linkedin also agreed to settle a class-action lawsuit over 2012's security breach by paying a total of $1.25 million to victims in the U.S, means $50 to each of them.

According to the lawsuit, the company violated its privacy policy and an agreement with premium subscribers that promised it would keep their personal information safe.

However, now new reports suggest that a total 167 Million LinkedIn accounts were breached, instead of just 6 million.

Assuming, if at least 30% of hacked LinkedIn Accounts belongs to Americans, then the company has to pay more than $15 Million.

Meanwhile, I recommend you to change your passwords (and keep a longer and stronger one this time) and enable two-factor authentication for your LinkedIn accounts as soon as possible. Also, do the same for other online accounts if you are using same passwords on multiple sites.


Comments

Post a Comment

Popular posts from this blog

Keyboard Shortcuts That you must learn

By -
Image
Keyboard Shortcuts That you must learn Getting used to using keyboard exclusively and leaving your mouse behind will make you much efficient at performing any task on window system.Some of the shortcuts that must be known Windows+R=Run menu This is usually followed by cmd=Command Prompt iexplore+"web address"=Internet Explorer compmgmt.msc=Computer Management dhcpmgmt.msc=DHCP Management dnsmgmt.msc=DNS  Management services.msc=Services eventvwr=Event Viewer dsa.msc=Active Directory users and Computers dssite.msc=Active Directory  Sites and Services Windows key + E= Explorer ALT+TAB=Switch between windows ALT,Space,X=Maximize Windows CTRL+SHIFT+ESC=Task Manger Windows key+Break=System Properties Windows key + F= Search Windows key + D=Hide/Display all windows Keep in mind that the "Right Click" key next to the right windows on keyboard.Using the arrows and that key can get just about anything done once you've opened up any prog
Read more

Stay Secured By IP Spoofing In Kali Linux or Ubuntu Using Torsocks

By -
Image
Stay Secured By IP Spoofing In Kali Linux or Ubuntu Using Torsocks torsocks  allows you to use most applications in a safe way with TOR. It ensures that DNS requests are handled safely and explicitly rejects any traffic other than TCP from the application you’re using. In this post we will cover IP spoofing in Kali Linux with torsocks which will allow users to connect to certain services that is banned to them.  torsocks  is an ELF shared library that is loaded before all others. The library overrides every needed Internet communication libc function calls such as connect() or gethostbyname(). This process is transparent to the user and if  torsocks  detects any communication that can’t go through the Tor network such as UDP traffic, for instance, the connection is denied. If, for any reason, there is no way for  torsocks  to provide the Tor anonymity guarantee to your application,  torsocks  will force the application to quit and stop everything.  In this article I will guide
Read more

How To Find Uploaded shell and Passwords By Google dorks (priv8 dorks)

By -
How To Find Uploaded shell and Passwords By Google dorks (priv8 dorks) How To Find Uploaded shell By Google dork (priv8 dorks) Go to Google.com and type these Dorks, and you will got a Lot of uploaded shells in Google serach results !! Dorks for finding shells  inurl:.php "cURL: ON MySQL: ON MSSQL: OFF"  "Shell" filetype:php intext:"uname -a:" "EDT 2010" intitle:"intitle:r57shell" [ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ] inurl:"c99.php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout inurl:"c100.php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout intitle:"Shell" inurl:".php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update  Dorks for finding Passwords filetype:htpasswd htpasswd intitle:"index of" ".htpasswd" -intitle
Read more