LinkedIn Invalidates Passwords Of Accounts ‘Up For Sale’

LinkedIn has invalidated the passwords belonging to accounts that could have been included in an alleged database of more than 100 million credentials put up for sale and has reassured users their information remains safe.

A hacker going by the handle ‘Peace’ claimed to have the information of 117 million LinkedIn accounts, including email addresses and passwords, for sale for five bitcoins. It is thought the credentials were gained during an attack on the site in 2012.

Following this, a separate site claimed to have up to 167 million account details in its database, although LinkedIn confirmed today that no new breach on its database had taken place.

Invalidated

“Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” LinkedIn CISO Cory Scott wrote in a blog post.

“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.

“We have no indication that this is as a result of a new security breach.”

Following reports that additional details were also now on sale, Scott confirmed that LinkedIn has begun to invalidate passwords for all accounts created prior to the 2012 breach​ that haven’t update​d​ their password since that breach, and that the site will be contacting individual members ​if they need to reset their password.

“We take the safety and security of our members’ accounts seriously,” he added. “For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication.”

LinkedIn has been criticised across the security industry for its lax approach to user protection, with the company apparently underestimating just how big the 2012 breach was.

The social network also apologised and enlisted the help of the FBI in the matter, but that did not stop a class action lawsuit, which ultimately cost LinkedIn $1.25m (£810,000) in settlements last year..

Are you a security guru? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

TikTok US Sales ‘Hit $16bn’, ByteDance Nears Meta In World Revenues

TikTok reportedly brought in $16bn in US last year, while parent ByteDance made $120bn worldwide,…

16 hours ago

Bankman-Fried Deserves Up To 50 Years In Jail, Prosecutors Say

Ahead of sentencing prosecutors argue ex-FTX boss Sam Bankman Fried deserves up to 50 years…

16 hours ago

Senators Take Up TikTok Bill After Italy Fine Over Harmful Content

Senators consider bill restricting TikTok after rapid House approval, as Italy competition regulator fines company…

17 hours ago

AI Security Company Backtracks On UK Testing Claims

Security company Evolv backtracks on claims UK government tested its controversial AI security scanning systems

17 hours ago

Norfolk County Council Wins $490m Payout From Apple

Apple agrees to $490m settlement of class-action lawsuit led by Norfolk County Council for allegedly…

18 hours ago

McDonald’s International Outage Caused By Third Party

McDonald's says outage affecting thousands of locations across world caused by third-party tech provider carrying…

18 hours ago