Jordan Robertson
May 18, 2016 — 10:05 AM MDT
- Hacker selling e-mails, passwords of 117 million users
- Still determining how many accounts are ‘active and accurate’
“It appears that more had been taken then, and just posted now,” spokesman Hani Durzy said. “We are still determining how many of these are still active and accurate, since the data would be about four years old now.”
At the time, LinkedIn reset the passwords of everyone it believed was part of the breach, which amounted to 6.5 million users, Durzy said.
Vice Media LLC’s Motherboard website earlier reported that a hacker is selling the e-mails and passwords of the affected LinkedIn users for about $2,000, and provided about 1 million sample logins for verification. The passwords are encrypted but in a format that is easily cracked.
In September 2015 LinkedIn’s $1.25 million settlement over the breach received final approval by a court. The latest disclosure raises questions about why LinkedIn didn’t reset passwords for all of its more than 160 million users at the time, which is considered good due diligence for Internet companies that experience a major breach.