LinkedIn said on Wednesday that hackers were attempting to sell what they claimed were 117 million email addresses and passwords of its users, suggesting that a data breach in 2012 was magnitudes bigger than initially thought. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” LinkedIn said.
“We have no indication that this is as a result of a new security breach.”
LinkedIn is investigating the authenticity of the data, the company said. But a security researcher, Troy Hunt, said on Twitter that he had verified a portion of the breach and that it was “highly likely this is legit.”
The hacker is trying to sell the data on an illegal marketplace for five bitcoin, or about $2,200, according to Motherboard. In 2012, the account information of 6.5 million users was posted to a Russian hacker site. LinkedIn settled a class-action lawsuit in 2015, agreeing to compensate 800,000 people who had paid for its premium services.
Since the attack, the company has stepped up its security procedures.