A hacker known as "Peace" is selling what is reportedly account information from 117 million LinkedIn users. The stolen data includes emails, passwords, and so on.
The hacker says the credentials were obtained during a LinkedIn data breach in 2012 that saw 6.5 million encrypted passwords posted online, according to Motherboard. Peace is selling the data for about $2,200 (5 bitcoin) on the "dark web," the part of the internet accessible only with a special browser that masks user identities.
LinkedIn told Motherboard that it was investigating, but could not confirm whether the data was authentic. Spokesperson Hani Durzy did, however, say that the company didn't know how many accounts were compromised in the data breach.
Motherboard and Troy Hunt, a security researcher, reached out to victims of the data breach, and were able to confirm that at least three of the passwords were legitimate.
Why are these credentials coming out now? "People may not have taken it very seriously back then as it was not spread," one of the people behind LeakedSource, which also claims to have access to the data, told Motherboard. "To my knowledge the database was kept within a small group of Russians."
LinkedIn was not immediately available for comment.