LinkedIn is still feeling the ramifications of a 2012 data breach that saw millions of users affected.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach,” LinkedIn chief information security officer Cory Scott said in a blog post.
“We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as e-mail challenges and dual factor authentication.”
The alleged hacker, who goes by the name ‘Peace,’ told Motherboard there were more than 167 million accounts in the database — and 117 million of those included e-mails and encrypted passwords. Peace said he is selling the data he filched on the dark Web for five bitcoin, which amounts to just under $2,300.
Motherboard, in its report, said LinkedIn originally encrypted or hashed the passwords with the SHA1 algorithm — a method that was already obsolete in 2012.
LinkedIn faced a class action suit as a result of the hack for not adequately protecting the passwords and personal data of its premium services users. The professional networking firm settled the lawsuit by agreeing to fork over $1.25 million. That amount was to be split among those who submitted an eligible claim.