A new set of data from LinkedIn members went on sale earlier this week on a dark web market known as “The Real Deal” by a dealer named “Peace.”
The seller is offering the 117 million usernames and passwords from LinkedIn members for 5 Bitcoin (about $2,200).
LinkedIn chief information security officer Cory Scott said on May 18 that the 2012 breach compromised email and password information of millions more users than originally thought.
The original number of accounts thought to be compromised was 6.5 million, according toVice Motherboard.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach,” said Scott.
“We take the safety and security of our members’ accounts seriously,” he assured.
— Dez Blanchfield (@dez_blanchfield) May 19, 2016
However, “Peace” isn’t the only one with the sensitive data.
LeakedSource, a paid hacked data search engine, also claims to have access to the data, according to Vice Motherboard.
Peace and LeakedSource said they have obtained 167 million LinkedIn accounts on their database, including the 117 million accounts whose usernames and passwords were both compromised.
“It is only coming to the surface now. People may not have taken it very seriously back then as it was not spread,” an individual from LeakedSource told Motherboard.
“To my knowledge the database was kept within a small group of Russians,” added the source.
The company said it was “moving swiftly” to address the additional data compromised in the 2012 breach. The company said it has begun validating passwords for all members who created accounts before 2012 who haven’t changed the passwords since the breach.
The company also advised users to regularly change their passwords and to use strong passcodes, as well as enabling a two-step verification for their accounts.