Dark net LinkedIn sale looks like the real deal

A hacker is attempting to sell 117 million LinkedIn users' emails and passwords on the dark web. The black hat "Peace" claims the data is the fruits of a well publicized LinkedIn breach from 2012. At the time, only around 6.5 million encrypted passwords were posted online. The business-focused social network LinkedIn never …

  1. Swarthy
    Facepalm

    Well, Crap!

    1. BillG
      Facepalm

      It gets worse - the passwords were not salted:

      LinkedIn Hacked, Passwords Please No Salt

      1. Chemical Bob
        Trollface

        Salt is bad for your blood pressure

      2. Tim 11

        The link about salting is from 2006. Presumably they have fixed this now, in which case the hashed passwords are useless?

        1. BillG
          Holmes

          The link about salting is from 2006

          Actually, it's from 2012.
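
To make the salting point in this sub-thread concrete, here is an added example (not from the article or from any commenter): it stores four constructed accounts first with a fast unsalted hash, then with a per-user random salt and PBKDF2. The use of SHA-1, the round count and all account names are assumptions for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; usernames and passwords are made up.
USERS = [("alice", "linkedin123"), ("bob", "linkedin123"),
         ("carol", "Tr0ub4dor&3"), ("dave", "linkedin123")]
ROUNDS = 200_000  # assumed work factor for the salted scheme


def unsalted(password):
    """Fast hash with no salt: same password always gives the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], digest)


def shared_digest_groups(table):
    """Group usernames by stored digest; any group larger than one means
    the table itself reveals which accounts share a password."""
    groups = defaultdict(list)
    for user, digest in table:
        groups[digest].append(user)
    return [sorted(names) for names in groups.values() if len(names) > 1]


def build_tables(users=USERS):
    weak = [(u, unsalted(p)) for u, p in users]
    strong = [(u, salted(p)) for u, p in users]  # (user, (salt, digest))
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, shared:", shared_digest_groups(weak))
    print("salted, shared:  ",
          shared_digest_groups([(u, d) for u, (_, d) in strong]))
```

In the unsalted table one recovered password exposes every account in its group, and a single precomputed lookup works against all users at once; with per-user salts each digest has to be attacked separately.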

  2. Steve K
    Coat

    Password changes

    "While people's passwords can and should change routinely"

    Well that's not what GCHQ said today...;-)

    1. Paul Crawford Silver badge

      Re: Password changes

      The problem is not the change period for any passwords.

      The problem is people who use the same password for sites like LinkedIn, Facebook, etc, and their work, bank accounts, etc.

      1. Valeyard

        Re: Password changes

        The problem is people who use the same password for sites like LinkedIn, Facebook, etc, and their work, bank accounts, etc.

        Yeah, 2FA only works for your LinkedIn account, but anyone using that email address/password combination on another site should probably go into panic mode and learn a very valuable lesson.

  3. This post has been deleted by its author

    1. A Bee
      Coat

      Re: Password changes

      @Steve K

      Someone seems to have hacked your account and copied your post.

      1. Steve K
        Black Helicopters

        Re: Password changes

        That's OK - I haven't changed the password now ;-)

        (@ A. Bee Have an upvote from me too. Thread makes less sense for future readers now as I deleted the duplicate before I saw your post...... Sorry)

        No idea how I managed to post twice - might have been using the back button to add a post icon.

        Steve

  4. disgruntled yank

    Oh, well

    I change my LinkedIn password frequently, because I forget it so often. As for the email, there isn't much I can do but rely on the spam filter.

    1. The Boojum

      Re: Oh, well

      Another +1 for the approach of having your own domain and creating unique email aliases for each site you deal with.

      1. VinceH

        Re: Oh, well

        I've done that for years, but I go one step further now. Starting towards the end of last year, that unique domain now has a number of subdomains on it, and the unique email addresses I give out on it are spread between them. If any such email address is leaked, I now only have to update a subset of them - which saves some effort on my part.

        Additionally, one of those subdomains is more disposable than the rest: I use that for things I'm even less bothered about needing to remember - where next time I visit the site/shop/whatever, it doesn't matter if I have to use a fresh address.

        I've yet to migrate everything from the domain to the subdomains - but once I've reached a tipping point in terms of what addresses have been migrated, I'll disable email for the domain itself.

    2. Captain Badmouth
      Happy

      Re: Oh, well

      "I change my LinkedIn password frequently, because I forget it so often. As for the email, there isn't much I can do but rely on the spam filter."

      If they've got your email address they can change your password for you.

      1. Mpeler
        Holmes

        Re: Oh, well

        At which point it becomes LockedOut...

        LinkedIn --> LockedOut - - - What's not to like? (/sarc)

      2. Paul Crawford Silver badge

        Re: Captain Badmouth

        No, they would need control over your email account to do that. Of course if you used the same password...

        1. Captain Scarlet

          Re: Captain Badmouth

          All these posts of having millions of email addresses on their own domain make my "I have a general junk email and a normal account" look like I am a lazy person :(

          1. VinceH

            Re: Captain Badmouth

            You are :p

  5. dvhamme

    I deleted my account when the breach first became public. When someone asks me if I'm on LinkedIn I gladly tell them why I'm not; it seems my reasons are still valid. They don't even take security seriously after some hacker puts their amateurism on the front page.

    1. Anonymous Coward
      Anonymous Coward

      Yep - why change your password when there are so many reasons to delete your account?

      Networking is everything, but only the old-fashioned kind, not 'social networking' facilitated by these spam factory websites.

      1. wolfetone Silver badge

        The main reason why I'll be deleting my LinkedIn account is the daily emails I get from recruiters wanting to connect with me. Either that or chaps from India wanting to connect with me because they feel I may want to outsource my work.

  6. Barry Rueger

    Still Confused

    ...about what real use LinkedIn is to most of those 100+ million people.

    Aside from being a handy place to post a seriously detailed and long form resume - more than you would ever commit to paper - the only thing that I ever seem to see are "friend" requests from complete strangers, in even stranger places.

    LinkedIn, like far too many Internet sites, did itself in by trying to turn a relatively simple service into something large, overly complex, and in which the useful bits are buried under layers of pointless junk.

    (I guess the reason why I don't understand the usefulness of LinkedIn is because I foolishly ignored its invitation to give it the keys to my Gmail, Facebook, and MySpace contact lists.

    Silly me!)

    1. Nate Amsden

      Re: Still Confused

      I'm sure I'm not alone in using LinkedIn to keep track of business folks and former co-workers. Sometimes I may reach out to one after a few years. Not everyone keeps a steady email address.

      The other big use case is career opportunities. Though I have to tell recruiters I am not interested constantly, I like being in touch with so many people that have expressed interest in hiring me or getting me hired so they can get paid.

      About 10 years ago I worked for a company that was trying to compete with LinkedIn. I would laugh when I saw my personal network on LinkedIn at the time was more people than my company at the time had in their entire system. Company imploded about 7 years ago.

      I almost never participate in the "feed" or whatever it's called, the thing where people post things and comment on each other.

      I don't use any other social media. I won't touch the LinkedIn app. Wants too many permissions.

    2. Hstubbe

      Re: Still Confused

      Actually, LinkedIn has proven to be very useful on numerous occasions over the past years for me. Just shaking that tree of 'people I know with certain skills' has turned up useful and surprising collaborations on both volunteer and professional projects.

      I hate all those USA privacy slurping social thingies as much as the next El Reg reader. LinkedIn is the only one I actually participate in, because despite my aversion to it, it has proven time and again to be very helpful :( I managed to replace all the very very cool Google cloudy stuff with self-hosted stuff, never got on Facebook and "deleted" my Twitter account. Yet LinkedIn is one bad habit I can't kick..

  7. Youngone Silver badge

    What a relief!

    only around 6.5 million encrypted passwords were posted online.

    I was really worried it would be lots and lots.

  8. Valeyard

    I'll just wait..

    ..for the haveibeenpwned update. LinkedIn was just a throwaway rubbish password not used for anything else anyway, but I'm strangely excited to finally get a hit on that site, which means I probably need a day off

  9. Kelli

    No info from LinkedIn itself

    https://press.linkedin.com/news-releases

    No sorry press release, nothing

  10. breakfast Silver badge

    Never mind Linked-In, I've been trying to change the email address I use for my El Reg account for the last couple of years and, like a game of poker, no dice.
