LinkedIn had said in 2012 that some 6.5 million user records may have been breached, but this week learned that a much wider set of data had leaked.
“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” LinkedIn’s Cory Scott said in a blog post.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.”
Security blogger Brian Krebs wrote that LinkedIn had strengthened security for its database following the 2012 leak but warned that “if you’re a LinkedIn user and haven’t changed your LinkedIn password since 2012, your password may not be protected.”