LinkedIn is aware of a set of over 100 million users' data that may have been released online by a hacker, the social media network said Wednesday.
The password and email data that have apparently been released came to the company's attention Tuesday, Chief Information Security Officer Cory Scott wrote in a blog post. It appears the data was taken during a known security breach in 2012, after which the company required any users they believed were affected to reset their passwords.
"We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords," Scott said Wednesday.
The stolen passwords were hashed, a form of encryption, LinkedIn says.
In the wake of its initial 2012 hack, which LinkedIn believed resulted in 6.5 million hashed passwords being leaked, it added an extra layer of protection called "salting."
Motherboard reports that the hacker, who goes by the name "Peace," listed 117 million emails and passwords on a hard-to-access web marketplace for the equivalent of about $2,200. A search engine for paid hacked data also told the news agency that it acquired the data, providing a sample of almost one million credentials and claiming to have hacked nearly all of them.
LinkedIn suggests that users enable two-step verification (which sends a text or email to a person who's logging in from an unrecognized device) and strong passwords.