LinkedIn’s Data Breach Scope Grows

Remember that LinkedIn data breach in 2012? Well, it turns out it was much worse than the company initially thought.

The company announced this week its recent discovery that email and password information for more than 100 million LinkedIn members has been released as part of the data breach, which was initially believed to have impacted only 6.5 million accounts.

Here’s what LinkedIn shared as an update on the breach:

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.

We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.

To contain the impact of the breach, LinkedIn has requested that users who joined prior to the breach change their passwords. In fact, the company said it has “begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach.”

The company has also released a note regarding those who are making stolen password data available, saying it “will evaluate potential legal action if they fail to comply.” LinkedIn is also using automated tools to strengthen its security measures and block potentially suspicious activity.