Get the latest tech news How to check Is Temu legit? How to delete trackers
NEWS
LinkedIn

Millions of LinkedIn users told to change password

Elizabeth Weise
USA TODAY
LinkedIn's Mountain View, Calif., headquarters in 2013.

SAN FRANCISCO –  As many as 100 million users on LinkedIn began getting emails Thursday telling them to change their passwords.

They should.

Earlier this week the website Motherboard reported that a hacker going by the name “Peace” was looking  to sell emails and passwords for 117 million LinkedIn users stolen in a 2012 breach.

The asking price was around $2,200.

At the time of the 2012 hack, LinkedIn believed about 6.5 million user names and passwords from the business social networking site had been affected. But on Wednesday the company acknowledged in a blog post that the hack had actually affected 100 million more users than it had originally believed.

LinkedIn has began contacting and invalidating the passwords of all users who haven't changed their password since 2012. There's no indication that the newly-released passwords are the result of any new security breaches, LinkedIn said.

The LinkedIn members were told via email that the Mountain View, Calif.-based company had “recently noticed a potential risk to your LinkedIn account coming from outside LinkedIn” and had taken actions to protect their accounts.

Take steps to protect yourself

Facebook

With the large numbers affected, computer security experts encouraged people to take the time to protect themselves.

First, change passwords on accounts frequently and don’t use the same password for every account. With big hacks such as this, hackers have databases of users' emails address and passwords, which all too frequently are the same across many or all of their accounts.

Secondly, be cautious of possible phishing emails. Spammers often use news of big hacks to try to trick the unwary into clicking on dangerous links.

All official emails coming from LinkedIn about this breach do not ask users to click on any links to change their passwords. They instead tell them to go to their account and change it from there.

Finally, if a site offers two-factor authentication, as LinkedIn does, use it, said Tony Anscombe, a security evangelist with AVG, a computer security firm.

That means linking your account to your cell phone, so that attempts to change passwords require inputting a numerical code sent to your phone. This provides a very strong layer of security as it’s unlikely a hacker will have both your email, password and cell phone.

Not surprising to have info show up later

It’s not unusual for databases of stolen information to become available long after the initial attack and that the first post-breach impact analysis often isn’t exact, said Christopher Budd, global threat communications manager at computer security company Trend Micro.

LinkedIn has demanded that the people trying to sell its stolen password data and is looking at possible legal actions if they don't comply. It is also using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts.

The company was launched in 2003 and by 2016 had 433 million members in more than 200 countries.

Featured Weekly Ad