Check whether your email figures in the 117 million LinkedIn data leak
LinkedIn, the professional social network that was hacked more than four years ago, has confirmed that a huge batch of login credentials is being sold on the dark web by hackers and that millions of users are still at risk of attack.
According to a report published by Vice’s Motherboard, the hackers have been selling 117 million LinkedIn credentials on an online black market called “The Real Deal” for around $2,200 (£1,500) in Bitcoin. A total of 167 million LinkedIn credentials were in the set, still with poorly hashed passwords, and this time they included email addresses, allowing anyone who got hold of them to take over numerous accounts at other online services where the same credentials were reused.
For its part, LinkedIn offered the same go-to statement used by every company after a data breach.
“We take the safety and security of our members’ accounts seriously,” wrote Cory Scott, the company’s chief information security officer.
For those unfamiliar with the history: in June 2012, 6.5 million passwords, without accompanying email addresses, were found being sold on online criminal forums. Many of them included the text string “linkedin,” indicating where they came from.
The passwords had been “hashed,” or scrambled with a one-way mathematical algorithm, in such a poor way that most of the hashes were swiftly “cracked” and the passwords disclosed. Following that revelation, LinkedIn said it reset the passwords for affected accounts and implemented a stronger hashing algorithm. A year later, the company also introduced an option to use two-step verification.
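The article does not say which algorithms were involved, so the following added example (not code from the article, LinkedIn or Troy Hunt) uses Python's standard library to contrast the two properties that decide whether a leaked hash dump is "swiftly cracked": an unsalted, single-pass hash is deterministic, so every account sharing a password shares a hash and one precomputed table serves all of them, whereas a salted, deliberately slow password hash (PBKDF2-HMAC-SHA256 is assumed here purely as a stand-in for "a stronger hashing algorithm") gives each account a unique record and makes every guess expensive. The record format and iteration count are this example's own choices.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this illustration only; the article does not name
# LinkedIn's algorithm or settings.
SCHEME = "pbkdf2_sha256"
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def weak_hash(password: str) -> str:
    """Unsalted, single-pass SHA-1, the style of storage the article calls
    'poorly hashed'. Deterministic: the same password always yields the same
    digest, so a precomputed table covers every account at once."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash stored as a self-describing record:
    scheme$iterations$salt_b64$derived_key_b64.
    A fresh random salt per account means identical passwords no longer
    produce identical records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  salt, iterations)
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(derived).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and iteration count and
    compare in constant time, so timing does not leak how many bytes match."""
    scheme, iterations, salt_b64, derived_b64 = record.split("$")
    if scheme != SCHEME:
        raise ValueError(f"unsupported scheme: {scheme}")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(derived_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, minimum_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a stored record was produced with fewer iterations than the
    current policy; the upgrade path is to rehash on the user's next
    successful login (or on a forced password reset, as the article says
    LinkedIn performed)."""
    scheme, iterations, _, _ = record.split("$")
    return scheme != SCHEME or int(iterations) < minimum_iterations


def identical_passwords_collide(hasher) -> bool:
    """Do two accounts that chose the same password end up with the same
    stored value under this hasher? True for weak_hash, False once salted."""
    return hasher("same-password") == hasher("same-password")


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("unsalted sha1 collides across accounts:",
          identical_passwords_collide(weak_hash))
    print("salted pbkdf2 collides across accounts:",
          identical_passwords_collide(hash_password))
    print("stored record:", record)
    print("verify correct:", verify_password("correct horse battery staple", record))
    print("verify wrong:  ", verify_password("wrong", record))
    print("legacy record needs rehash:",
          needs_rehash(hash_password("x", iterations=1_000)))
```

`identical_passwords_collide` is the whole point in one check: with the unsalted hash it returns True, which is what lets a single cracked digest unlock every account that shares the password; with per-account salts it returns False, and the iteration count then decides how much work each individual guess costs.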
Troy Hunt, an Australian security expert, has now uploaded the entire dataset to his data breach website, HaveIBeenPwned.com, to let anyone check whether their account was compromised.
When you enter an email address, the website cross-checks it against a total of 510,321,085 account records from more than 106 compromised websites.
This includes a total of 167 million LinkedIn accounts that have been made available since 2012, some of which may have originated from subsequent breaches or hacks.
If a match is found, the site notifies the user of the breach and suggests that they change their password.
Another website, LeakedSource, also offers to alert people if they were affected by the LinkedIn breach, but it may ask for payment.
Meanwhile, LinkedIn has reacted to the data breach by “demanding” that people stop making the password information available, and said it “will evaluate potential legal action if they fail to comply”.
“In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts,” the social network said in a statement on 18 May.
In an update on the breach, a LinkedIn spokeswoman told Tom’s Guide in an email message, “We’ve finished our process of invalidating all accounts we believed were at risk. These were accounts that had not reset their passwords since the 2012 breach. We’ll soon be sending more information to all members that could have been affected, even if they updated their password four years ago.”
There is no clarity as to why the data from the breach has unexpectedly started circulating four years after the initial intrusion. Hunt guesses: “It could be many different things; the attacker finally deciding to monetise it, they themselves being targeted and losing the data or ultimately trading it for something else of value.”