Hacker 'selling 117 million LinkedIn passwords'

By News Corp Australia Network

More than 100 million LinkedIn passwords have been reported as for sale. Picture: iStock
More than 100 million LinkedIn passwords have been reported as for sale. Picture: iStock

A hacker is advertising what he says is more than one hundred million LinkedIn logins for sale.

The BBC reports that the IDs in question were sourced from a security breach four years ago, although at the time it was thought to be much fewer IDs stolen.

LinkedIn reset the accounts of those it recognised as being compromised, however it has pledged to repeat the move but on a much larger scale.

"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords," a LinkedIn spokeswoman told the BBC. "We have no indication that this is a result of a new security breach.

"We encourage our members to visit our safety centre to ensure they have two-step verification authentication and to use strong passwords in order to keep their accounts as safe as possible," she said."

LinkedIn CEO Jeff Weiner. Picture: AP
LinkedIn CEO Jeff Weiner. Picture: AP

News site Motherboard said 117 million passwords were being advertised on two hacker sites.

While LinkedIn only had 165 million accounts at the time of the breach, the hack may include people who have logged in through Facebook.

Rik Ferguson, chief technology officer at the cybersecurity firm Trend Micro, told the BBC that the problem stemmed from the fact that LinkedIn had originally "hashed" its passwords but not "salted" them before storing them.

Hashing involves using an algorithm to convert passwords into a long string of digits. Salting is a secondary step meant to stop unauthorised parties from being able to reverse the process.

"A salt involves adding a few random characters, which are different on a per-user basis, to the passwords," Mr Ferguson said.

LinkedIn introduced salting after the attack, but that only benefits the login databases it generated afterwards.

"Using salting is absolutely best practice for storing passwords under any circumstances and was the case back in 2012 as well," Mr Ferguson said

- news.com.au

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter


© Copyright 2016, NZME. Publishing Limited

Assembled by: (static) on production bpcf03 at 25 Oct 2016 22:17:28 Processing Time: 436ms