Back in 2012, the famous professional social site LinkedIn got hacked ending up with over 100 million stolen emails and passwords. The company announced yesterday that another data set from the 2012 hack had just been released. The company was quick to issue a statement that it is working to validate the accounts and contact the affected users for them to reset their passwords.
Still the hackers had stolen the encrypted passwords in 2012 and posted them on a Russian hacker forum. Since the stolen passwords had been stored as unsalted SHA-1 hashes, cracking them was quite easy for the advanced hackers.
According to several reports, a hacker going by the name “Peace” is trying to sell millions of passwords and emails of the LinkedIn members on the dark web. The hacker is looking to earn $2200 from the 117 million emails and passwords and they are only payable via bitcoin.
Since it is the same data set that came from the 2012 hack, the passwords were encrypted in the same no salt technique. This means cracking them is fairly easy for the hackers. Reports show that 90 percent of the hacked passwords had been cracked within 72 hours of the crack. The funny bit is that some of the hacked victims are still using the same password they did back in 2012.