A hacker claims to have captured account information of millions of LinkedIn users and is selling it online.
A news update posted by LinkedIn says that an additional set of data claiming to be email and hashed password combinations of over 100 million LinkedIn members had now appeared online.
These credentials were claimed by the hacker to be from a 2012 attack on LinkedIn, as a result of which the company advised all members to change passwords and provided a mandatory reset for all accounts believed to be compromised.
According to MotherBoard, the data is being sold on the dark web illegal marketplace The Real Deal for 5 bitcoin, worth around $2,200, by a hacker using the name ‘Peace’.
MotherBoard said that in addition to Peace, paid hacked data search engine LeakedSource claims to have obtained the data.
LinkedIn said that there was no evidence that this had been the result of a new breach.
The social network said that it was taking "immediate steps to invalidate the passwords of the accounts impacted" and added that members who had been affected would be contacted and asked to reset their passwords.
The main dangers of a breach like this are not so much the data stored in LinkedIn accounts, mostly generic employment information, but the associated data.
"The most valuable data in the LinkedIn compromise may not be the passwords at all, but the enormous registry of email addresses connected to working professionals," said Tod Beardsley, Security Research Manager at Rapid7.
"For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication," LinkedIn wrote in the post on the site.
"We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible," said LinkedIn.
