- Hacker selling e-mails, passwords of 117 million users
- Still determining how many accounts are ‘active and accurate’
LinkedIn Corp. is investigating whether a breach of more than 6 million users’ passwords in 2012 was bigger than originally thought, following a hacker’s attempt to sell what is purported to be login codes for 117 million accounts.
“It appears that more had been taken then, and just posted now,” spokesman Hani Durzy said. “We are still determining how many of these are still active and accurate, since the data would be about four years old now.”
At the time, LinkedIn reset the passwords of everyone it believed was part of the breach, which amounted to 6.5 million users, Durzy said.
Vice Media LLC’s Motherboard website earlier reported that a hacker is selling the e-mails and passwords of the affected LinkedIn users for about $2,000, and provided about 1 million sample logins for verification. The passwords are encrypted but in a format that is easily cracked.
In September 2015 LinkedIn’s $1.25 million settlement over the breach received final approval by a court. The latest disclosure raises questions about why LinkedIn didn’t reset passwords for all of its more than 160 million users at the time, which is considered good due diligence for Internet companies that experience a major breach.