![]() ![]() "Having a password out there feels like someone being able to let themselves in to your private space whenever they like, without you knowing," the victim, who asked to remain anonymous, said in an email. One of the victims told Motherboard that the password in the sample was their current one, though he changed it as soon as Hunt reached out no notify him of the breach. Motherboard was able to confirm a third victim. Two of them confirmed to Hunt that they indeed were users of LinkedIn and that the password he shared with them was the one they were using at the time of the breach. Troy Hunt, a security researcher who maintains the breach notification site " Have I Been Pwned?," reached out to some of the victims of the data breach. One of the operators of LeakedSource told Motherboard in an online chat that so far they have cracked "90% of the passwords in 72 hours." "To my knowledge the database was kept within a small group of Russians." People may not have taken it very seriously back then as it was not spread," one of the people behind LeakedSource told me. ![]() Of those, around 117 million have both emails and encrypted passwords. Both Peace and the one of the people behind LeakedSource said that there are 167 million accounts in the hacked database. The paid hacked data search engine LeakedSource also claims to have obtained the data. ![]() Peace is selling the data on the dark web illegal marketplace The Real Deal for 5 bitcoin (around $2,200). Turns out it was much worse than anybody thought. At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach. The hacker, who goes by the name "Peace," told Motherboard that the data was stolen during the LinkedIn breach of 2012. While the data they collect is typically considered public information and not particularly sensitive in any way, these collections are still sought after for other purposes, such as building OSINT databases and enriching them with information from multiple sources in order to have a better understanding of the would-be victims threat actors would like to select and target in the future.A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users. In fairness, the company might be getting the raw end of the stick in this situation, as data scraped off its website and enriched with email addresses from other sources might not be something that LinkedIn can control, and the company can't be blamed for threat actors collecting public data needed to power its service in the first place.īut in the general picture, incidents of scraping public sites have also been getting more common, such as scrapes of Clubhouse, Instagram, and Facebook data. Linked to users' real-life names and personas, the email addresses and the leak are a gold mine for threat actors looking to target high-profile executives or employees working in sensitive areas of a company, such as financial departments or security teams.įortunately, the leak does not include email addresses for each and every user, meaning that the vast majority of the entries included in this leak are worthless.Ĭontacted via email earlier this week, LinkedIn deferred comment to its June 2021 official statement.Īt the time, LinkedIn said that no data breach occurred, and the data was scraped off LinkedIn but also other sites as well. While the vast majority of the data points contained in the leak are already public information and pose no threat to LinkedIn users, the leak also contains email addresses that are not normally viewable to the public on the official LinkedIn site. Location information (town, city, country).The Record analyzed files from this collection and found the data to be authentic, with data points such as: The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file containing approximately 187 GB of archived data. Hackers leak LinkedIn 700 million data scrapeĪ collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |