Business-orientated social media site LinkedIn has emailed users explaining the circumstances behind a recent data breach.
The security issue, which first became apparent on 17 May this year, relates to passwords and login details which are being posted online by hackers.
We took immediate steps to invalidate the passwords of all LinkedIn accounts we believed might be at riskLinkedIn
LinkedIn believes the passwords were stolen in a 2012 data breach and the leak is not the result of a fresh security leak.
The data breach referred to in 2012 resulted in the details of 6.5 million user accounts being stolen by cybercriminals and posted on a Russian password site.
After data resurfaced this month on website LeakedSource, LinkedIn’s legal team successfully persuaded the site’s operators to remove the data from their pages.
A statement from LeakedSource read: “We received a typical cease and desist letter from LinkedIn’s lawyers... for the next couple of days we are going to censor hashes from that particular data set while we consult with our legal team from OUR jurisdiction.”
However it is believed the details surfaced again on the ‘dark web’.
In its email to users, LinkedIn’s helpdesk sought to reassure account holders: “We took immediate steps to invalidate the passwords of all LinkedIn accounts we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach.”
The social media site also advises it is working with law enforcement authorities and has taken “significant steps to strengthen account security since 2012”.
The email advises that users visit LinkedIn’s Safety Centre to learn how to enable their two-step verification safeguard.
Widely used by professionals, LinkedIn has more than 400 million users worldwide and over 15 million active users in the UK. Its results for the first quarter of 2016 announced a 35 per cent year-on-year revenue increase to £584 million pounds.