Back in 2012, LinkedIn had a pretty major data breach in which hackers were thought to have nabbed around 6.5 million users’ passwords.
It turns out the number was much higher than originally suspected.
According to a blog post from LinkedIn, the company just learned that the data actually included more than 100 million email and password combinations. That number could be as high as 117 million, the alleged hacker told Motherboard.
In order to protect its users, LinkedIn has sent many of those affected an email telling them that their current password had been invalidated and advising it be reset. The company also suggested people use extra security measures on their accounts, such as two-step verification, to make sure hackers have trouble getting in.
After the data breach happened in 2012, LinkedIn reset the passwords of over 6 million users, but apparently did not suspect that emails had been stolen too.
According to Motherboard, the hacker that stole the LinkedIn credentials put them up for sale on an illegal marketplace on the dark web with a price tag of 5 bitcoins, equalling about $2,200. All of the passwords were encrypted, or “hashed,” but one of Motherboard’s sources said they had cracked 90% of the passwords in three days.
To be safe, LinkedIn suggests you change your account password even if you haven’t received an email suggesting you do so.