LinkedIn has provided an update to customers who were affected by the recent sale of stolen passwords.
They state they have invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, they are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. They are also actively engaging with law enforcement authorities.
LinkedIn has taken significant steps to strengthen account security since 2012. For example, they now use salted hashes to store passwords and enable additional account security by offering members the option to use two-step verification.
They have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While they do all they can, they suggest that members visit their Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible. It is recommended that members regularly change their LinkedIn password and if the same or similar passwords are used on other online services, it is also recommended new passwords be set on those accounts as well.
It is also prudent to remain vigilant of scammers seizing this opportunity to send out phishing emails seeming to come from LinkedIn requesting passwords be changed or verified in order to attain account credentials. Only change your password directly from the LinkedIn site.