In 2012, hackers posted 6.5 million stolen LinkedIn passwords to a Russian forum, TechCrunch reports. It turns out, that security breach was much bigger and much worse than possibly anyone realized. According to Motherboard, 117 million LinkedIn emails and passwords taken as part of the same breach were just put up for sale by a hacker named "Peace," who is seeking $2,200 for them on the dark web. LinkedIn has confirmed the emails and passwords are legit and is working on contacting affected users. Back in 2012, LinkedIn never specified how many accounts had been compromised by hackers. Ars Technica reports it's possible even the company didn't know how many passwords had been stolen initially.
Hackers have apparently had no trouble with the lightly encrypted passwords. One source claims hackers cracked 90% of the stolen passwords within 72 hours. Ars Technica argues many of the passwords should never have been allowed by LinkedIn in the first place. More than 750,000 users had the password "123456." More than 170,000 used "linkedin." Other popular passwords were "password" and "111111." People who were using LinkedIn in 2012, still have the same password, and use that password for other websites should be concerned, according to TechCrunch, which says it's best to change your password on LinkedIn (and anywhere else you used it) just in case.