167 Million Linkedin Usernames for Sale on the Web Dark

A hacker using the pseudonym “Peace_of_mind” is selling a database stolen from the LinkedIn site that contains the information of 167 million users, with 117 million including the email address and password.

According to information provided by the hacker on the MotherBoard site, he stole the data in 2012, after exploiting a computer flaw that affected the professional social network.

At the time, a sample of 6.5 million usernames and passwords that were hashed / encrypted was circulating on the dark web.


The hacker is currently trying to find buyers through the Dark Web sales site called “The Real Deal” for the sum of five Bitcoins (slightly more than 2000 Euros).

1 hacker, 3 databases

This is not the first time that the hacker peace_of_mind has attracted attention. In fact, he recently placed the user data bases of the sites Naughty America, Zoosk and Fling for sale on the same platform.


Fling.com is a popular dating site in the US

Veracity of the data

When the hacker advertises on the TheRealDeal site, he usually adds a sample of the database to enable potential purchasers to verify if the information is real or not.

He also contacted a number of journalists and cyber security researchers such as Troy Hunt (Site Administrator for haveibeenpwned that allows any user to verify if his email address is listed in compromised databases) in order to obtain:

1. Significant media coverage to increase the sales price of the data
2. Insurance about the authenticity of the information since his interlocutors conduct verifications with a selection of users in the database

At present, only three players seem to be in possession of the 117 million LinkedIn usernames and passwords: the hacker, the researcher Troy Hunt and the site LeakedSource which offers the same service as haveibeenpwned.

However, this could change if the hacker decides to share them in their entirety after finding a buyer, as was the case for the Naughty America database. Therefore, the number of spear-phishing campaigns and identity theft targeting the individuals in the list could increase significantly.

Although the data are from 2012, they still have a high added value for cybercriminals. Indeed, the probability that a large number of users are still using the same password is still very high.