A hacker is trying to sell Linkedln User data which he says spans more than 100 million account records. This advertisement was posted on a dark market website called TheRealDeal by a user who wants 5 bitcons, the equivalent of $2,200, for the information.
The IDs were reportedly obtained from a security breach at Linkedln four years ago where some accounts were compromised. Linkedln said it had reset the accounts of those it thought had been compromised. After the breach first occurred, a file containing 6.5 million encrypted passwords was posted to an online forum in Russia.
The user data apparently contains email addresses, SHA1 passwords and user IDs for 167,370,940 Linkedln users. With this new revelation, Linkedln plans to reset a broader of accounts; possibly, all of the accounts.
Best security practices call for passwords to be stored in hashed form inside databases. Hashing is a one-way operation that generates unique, verifiable cryptographic representations of a string that are called hashes.
Linkedln users should change their passwords as soon as possible, and should also consider doing the same for any other accounts they own using the same credentials. They should also activate Linkedln’s two-step verification process.