Four years after LinkedIn reported a data breach of user credentials, sources suggest the breach is much larger than previously thought. In 2012, hackers accessed LinkedIn and reportedly stole 6.5 million passwords. Now, the social networking platform has learned an additional data set containing more than 100 million credentials stolen from the 2012 breach is being sold on the black market.
"We are taking immediate steps to invalidate passwords of the accounts impacted, and we will contact those members to reset their passwords," LinkedIn said in a statement. "We have no indication that this is a result of a new security breach."
According to Ars Technica, a hacker is seeking to sell the credentials for five bitcoins, which equals approximately $2,200.
Hani Durzy, a spokesman for LinkedIn, told The New York Times the company undertook security protocols following the 2012 breach, resetting passwords of every member they believed to be compromised, and they encouraged all members to reset their passwords. Now, the company has started to invalidate passwords for all LinkedIn accounts created before the 2012 breach that have not updated their passwords since that breach. The company said it will notify individual members who need to reset their passwords, but encourage all users to regularly change their passwords.
"We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts," according to the statement.
The extent of this breach may reach further than just LinkedIn, suggests NYT, because since people use the same passwords for multiple websites, hackers could gain access to other personal accounts, including banking websites.
More articles on data breaches:
Raleigh Orthopaedic Clinic to pay $750,000 to settle HIPAA violation
Kaiser health plan reports breach affecting 2,400 members due to stolen mail truck
American College of Cardiology breach affects 1,400 institutions