A LinkedIn breach from four years ago may have been more damaging than previously believed after a hacker reportedly posted 117 million usernames and passwords belonging to members of the professional networking site.
Log-in credentials said to belong to LinkedIn users have been offered for sale on the dark web for around $2,200, according to a report from Motherboard, a tech website run by Vice. (The dark web refers to websites where people can browse anonymously and, in some cases, conduct illegal business.)
A hacker reportedly told the website the information was obtained during a breach in 2012.
Cory Scott, LinkedIn's chief information security officer, wrote in a blog post that the company required "a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure" in 2012. He said LinkedIn also advised all members to change their passwords as a security best practice.
Scott said the company was made aware on Tuesday of the data for sale.
"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach," he said.
Scott also highlighted extra layers of security LinkedIn has in place, including email challenges and dual-factor authentication.
"We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible," he said.