Online professional platform, LinkedIn, has called on its users to change their passwords after reports emerged that the login details stolen in 2012 was for over 100 million users instead of 6.5 million as earlier thought.
The hacker has now surfaced online, looking to sell the information for $2,200 on the black market.
“In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice,” LinkedIn said in a blog post.
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach,” the firm added.
LinkedIn said it has begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach.
“We will be letting individual members know if they need to reset their password,” the firm added.
Users risk having their identities stolen if they fail to change their password.