Wondering if that LinkedIn password e-mail is real? Read on.

Security Management Magazine by 

LinkedIn is invalidating passwords for all accounts created before 2012 following the disclosure that 100 million members’ passwords may have been compromised.

In a post on the social network’s blog, LinkedIn confirmed that in 2012 it was the victim of an unauthorized access and disclosure of 6.5 million of its users’ passwords.

“At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure,” the blog post said. “Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.”

On Tuesday, however, LinkedIn became aware that an additional set of data that has been released claims to be e-mail and hashed password combinations of more than 100 million LinkedIn members from the 2012 theft.

The data is reportedly for sale on a dark web market called The Real Deal by the dealer Peace, who is selling the data for 5 Bitcoin (approximately $2,200), according to Forbes.

Due to this new development, LinkedIn began invalidating passwords on Wednesday for all accounts created before the 2012 breach that have not updated their password.

“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will continue those members to reset their passwords,” the blog post explained. “We have no indication that this is as a result of a new security breach.”

LinkedIn said it will be notifying individual users if they need to reset their password. “However, regularly changing your password is always a good idea and you don’t have to wait for the notification,” it explained.

To change your password on LinkedIn, follow the below instructions:

  1.  Login to your LinkedIn account
  2. Move your cursor over your photo in the top right of your homepage and select Privacy & Settings
  3. Select the Account tab at the top of the page
  4. Under the Basics section, click Change next to Change Password
  5. Enter your old password, type your new password, and then type it again to confirm it. (Passwords are case sensitive and must contain at least six characters.)
  6. Select the checkbox if you’d like to automatically be signed out of all sessions once you change your password
  7. Click Save

Author: Gregory Schmidt, PSP, CHS-I

Gregory M. Schmidt, PSP, CHS-I of Eagle/ Trident Security is a board certified Physical Security Professional who has over thirty years of experience developing dynamic security programs, plans and policies for businesses in Indiana and Florida. His conversation-style personal safety seminars are highly regarded and always in demand. Mr. Schmidt is a member of ASIS International, the International Association for Healthcare Security & Safety and the American Society for Healthcare Engineering.