CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Maybe it's time to change your LinkedIn password...again

The social network confirms email and password combinations for more than 100 million members, stemming from a 2012 data breach, have been posted online.

It's apparently the hack that keeps on giving.

New York Stock Exchange

LinkedIn says its taking action after more than 100 million members' emails and passwords were released online resulting from a data breach four years ago.

CBS

LinkedIn announced Wednesday that more than 100 million members' email and password combinations stemming from a 2012 data breach have been posted online, residual fallout from hackers stealing and publicly releasing a separate set of 6.5 million encrypted passwords.

"Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012," the company said in a blog. "We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords."

LinkedIn said it has no indication that the released emails and passwords are a result from another hack.

According to a story from Vice's Motherboard, a hacker named "Peace" is trying to sell the emails and passwords of 117 million LinkedIn members on a dark website for about $2,200 in bitcoin.

LinkedIn said it has improved its security for its members since the hack including stronger encryption and and two-factor authentication.

But even that isn't foolproof, said Lisa Sotto, a New York-based lawyer and cybersecurity expert who chairs the US Department of Homeland Security's Data Privacy and Integrity Advisory Committee. She said all LinkedIn users should assume their passwords are "out in the wild," as a result of this breach or from the original hack.

"Unfortunately, as with many cybersecurity incidents, the facts change as the investigation progresses or as time passes and the intruders make their bounty known by posting it on the dark web," she said. "Today's threat actors are particularly wily -- they often delete their footprints, making it is difficult to determine where in a network they have been and what they have nabbed."

A new breach from the LinkedIn hack comes as no surprise to Orlando Scott-Cowley, a specialist with email security provider Mimecast. The social network aimed at business professionals could be vulnerable to more breaches as cybercriminals are likely building "very accurate pictures" of companies and employees ripe for targeting, he added.

"Once that 'picture' is complete, the email account of the target becomes the holy grail for the attackers," he said.

Update, May 18 at 8 p.m. PT: Adds comments from cybersecurity expert.