LinkedIn comes clean about 2012 password leak

Professional networking platform LinkedIn has finally fessed up to a massive password theft which took place almost four years ago.

Ingvar Bjork

On Wednesday afternoon, LinkedIn sent an email to all of its users officially disclosing a massive violation of its security system which took place in 2012, in which the usernames, email addresses and passwords of millions of LinkedIn users were stolen by hackers. At the time of the hack, LinkedIn reportedly responded by enforcing a mandatory password reset for all accounts it believed had been compromised in the hack.

However, the recent disclosure from chief information security officer Cory Scott has dramatically revised upwards the number of individuals affected by the hack. While LinkedIn had previously estimated that around 6.5 million accounts were accessed during the widely-publicised hack, that number has now shot up to ‘more than 100 million’ accounts.

Moreover, Mr Scott has revealed that the passwords of millions of LinkedIn users still appear to be in circulation on the web, prompting the company to invalidate passwords for all LinkedIn accounts created prior to 2012 that have not been updated since. ‘We have demanded that all parties cease making stolen password data available and will evaluate potential legal action if they fail to comply,’ said Mr Scott on 18 May, adding that LinkedIn would use automated tools to monitor and block suspicious activity on affected accounts ‘in the meantime.’

Sources: LinkedIn; Fortune
