Last week there was no escaping news of the latest data breach. The LinkedIn hack of 2012 which we thought had "only" exposed 6.5M password hashes (not even the associated email addresses so in practice, useless data), was now being sold on the dark web. It was allegedly 167 million accounts and for a mere 5 bitcoins (about US$2.2k) you could jump over to the Tor-based trading site, pay your Bitcoins and retrieve what is one of the largest data breaches ever to hit the airwaves.

But this is not a straightforward incident for many reasons and there are numerous issues raised by the data itself and the nature of the hack. I've had a heap of calls and emails from various parties doing stories on it over the last week so I thought I'd address some of those queries here and add my own thoughts having now seen the data. I'll also talk about Have I been pwned (HIBP) and the broader issue of searchable breach data.

This is one of the most common questions that comes up - what's been happening since 2012? Why have we only just now seen the data? The easy answer is that I don't know and it's quite possible that LinkedIn doesn't know either.

I wrote a longer piece about this last week in my Security Sense column titled There's a Lot of Hacked Companies We Don't Even Know About and the title pretty much sums it up. I cite other incidents there which demonstrate how often it can be years - sometimes longer than the LinkedIn lead time - between the hack and the subsequent public release of the data. Inevitably there's a catalyst, but it could be many different things: the attacker finally deciding to monetise it, they themselves being targeted and losing the data or ultimately trading it for something else of value.

But speaking of value, how much is the data actually worth?

Is the data worth $2.2k?

This is a recurring question - "is it worth it"? Are 167 million records really worth $2.2k?

Well firstly, I'm fond of the adage that "something is only worth what someone is willing to pay for it" and by all accounts, people have indeed paid for it (more on that later). But if you want to look at it another way, 167 million accounts selling for $2.2k is only 0.001 cents per account which, at least to me, feels very cheap indeed.

Well it was 0.001 cents per account but already, we've seen that 5 BTC price drop:

> The LinkedIn data has dropped in price and the seller is referencing media coverage of credentials being exploited
> - Troy Hunt, May 22, 2016

This is curious and I suspect that both the points I made in that tweet are related. Earlier this year I observed that HIBP was having an impact on data breach prices due to the increased awareness it raised with those who've had their data exposed. Whilst the data wasn't in HIBP at the time of that tweet, it's possibly what we're seeing here in terms of it having been spread around more broadly.

In fact, since then, the price has fallen even further:

> The LinkedIn data has dropped in price again, it's now almost half of what it originally was:
> - Troy Hunt, May 23, 2016

The seller is quoted in a Motherboard story as saying: