A hacker is selling the account info of 117 million LinkedIn users, which includes emails and passwords of the compromised accounts.
The hacker selling the information, called Peace, told Motherboard the data was stolen during the LinkedIn breach of 2012.
“At the time, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach,” said Motherboard.
LinkedIn has now said the data may come from the 2012 hack, which led to the “unauthorized access and disclosure of some members’ passwords”.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords.”
LinkedIn said it has no indication that this data leak is as a result of a new security breach.
LinkedIn said it has demanded that parties cease making stolen password data available, and will evaluate legal action if they fail to comply.
“In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.”