The LinkedIn hack of 2012 just got a whole lot worse.
If you recall, in 2012 LinkedIn reset users’ passwords after hackers broke into the network, stole a database of password hashes, and posted some 6.5 million account credentials on a Russian password forum. LinkedIn was left humiliated by the security breach, which revealed that they had not used a salt while creating the checksums it stored of users’ passwords- making it trivial for fraudsters to crack them.
Now, almost four years later, a hacker going by the name of “Peace” is offering for sale the database of 167 million accounts, including the emails, hashed and (in many cases) already cracked passwords of 117 million users.
As Motherboard reports, security researcher Troy Hunt has confirmed that at least some of the email addresses and passwords offered for sale are the same as those used by LinkedIn users at the time of the hack.