After the massive breaches on popular email services a few weeks ago, you’ve probably had to change a fair few passwords recently (or at least, you should have). Well, now it looks like there’s another one to add to your to-do list.
It’s been revealed that over 117 million LinkedIn usernames and passwords have been stolen and are being sold on the dark web.
This news came to light after the hacker spoke to Motherboard and explained the data has come from the 2012 LinkedIn hacks. At the time, it was believed that only 6.5 million users were at risk. However, it now appears that up to 117 million username and passwords could be affected.
On the LinkedIn Official Blog, their chief information security officer Cory Scott confirmed this information, and also said it’s likely the data was stolen during the 2012 thefts.
He added, “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.”
All LinkedIn users have been advised to change their passwords, which you can see how to do here. You can also enable a two-step verification feature, which will send you a text message every time your account is logged into from an unknowable device.
While security breaches aren’t unheard of against large websites, LinkedIn came under fire after their 2012 breach for not providing sufficient security to users. Unlike many websites with large amounts of private data, LinkedIn did not put a “salt” on their user’s’ passwords. Essentially, these are random characters that can be attached to a password to make it harder for hackers to decode.
LinkedIn has since rectified this, but it stands as a daunting reminder that even old leaked data can still pose a security risk.