MacTrast readers may recall a 2012 LinkedIn security breach that led to millions of encrypted password for users of the business-centric social network being posted on a Russian hacker forum. The company announced on Wednesday that another 100 million LinkedIn members’ emails and passwords have been released.
Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
LinkedIn says they have “begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach.” The company is letting affected members know if they need to change their password.
We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.