LinkedIn is advising some 100 million users reset their passwords after data from a 2012 breach of the social network surfaced earlier this week.
In 2012, the platform fell victim and LinkedIn was hacked in an attempt that compromised millions of accounts (6.5 million to be exact), exposing members’ passwords and publishing them online.
LinkedIn assured its members at that time the compromised passwords were not published with their corresponding email logins and that the vast majority of passwords remained encrypted, although a subset was decoded.
It also conducted a password reset campaign for the affected accounts and advised all members to change their passwords.
All was well — until this past Wednesday, May 18, when LinkedIn made thisannouncement on its official blog:
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012.”
According to the post, LinkedIn is taking “immediate steps” to invalidate the passwords of the impacted accounts. The company said it will contact users who need to reset their accounts. LinkedIn also affirmed that there was no indication that this was the result of a new security breach.
If your account was affected, you will need to reset your password. Also, it’s not a bad idea to enable a two-step verification, a feature that LinkedIn provides, to better ensure the safety of its members.
These are steps all LinkedIn members may care to take, regardless if they fell victim to the breach or not.
For more information on protecting your password, refer to this Small Business Trends article, LinkedIn Security Breach: A Reason to Change Your Passwords (At Least!).