“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” said LinkedIn’s Chief Information Security Officer Cory Scott.
LinkedIn said that it has started to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach. However, it is always a good idea to change your password regularly rather than wait to be notified.
Automated tools are being used to attempt to identify and block any suspicious activity that might occur on affected LinkedIn accounts.
The haul of LinkedIn data is reportedly on sale for $2,200.
Tod Beardsley, security research manager at cybersecurity specialist Rapid7, told FoxNews.com that the most valuable data in the LinkedIn compromise may not be the passwords at all, but the enormous registry of email addresses connected to working professionals. “Spammers rely on accurate, active email addresses to target, and the low price tag of 5 Bitcoin (approximately $2,200) is likely to generate significant interest from today’s spam industry,” he explained. “While people’s passwords can and should change routinely, email addresses and usernames persist for years without easy mechanisms to change them.”
Selling off additional data is a regular practice by cybercriminals, according to Amit Ashbel, director of product marketing at application security specialist Checkmarx. “Once they manage a large hack they will always save something for a rainy day,” he said, via email. “The fact that these are now being sold online indicates to me more than anything else that the hacker needs cash and now is the time to pop out that old stash and sell to the highest bidder.”
Follow James Rogers on Twitter @jamesjrogers