What happened
According to public breach records, the LinkedIn data breach on May 5, 2012 is reported to have exposed the personal information of 164,611,595 accounts.
In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.
Passwords in this breach were reportedly stored as SHA-1 hashes.
LinkedIn was breached in 2012, with the company initially confirming in June 2012 that hashed passwords for roughly 6.5 million accounts had been posted online. In May 2016 the full scope surfaced when a seller using the alias "Peace" offered approximately 164 million LinkedIn email-and-password pairs for sale on a dark-web marketplace, revealing the original breach was far larger than first understood. The passwords had been stored as unsalted SHA-1 hashes, which researchers were able to crack in large numbers shortly after the data was released; Russian hacker Yevgeniy Nikulin was later convicted in connection with the intrusion.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
Breach details
| Detail | Value |
|---|---|
| Breach name | |
| Date | May 5, 2012 |
| Accounts affected | 164,611,595 |
| Domain | linkedin.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by LinkedIn; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your LinkedIn password immediately, and if you reused that password on any other site, change it there too.
- Enable two-factor authentication on your LinkedIn account and on any other accounts that shared the same password.
- Treat that old password as permanently public and never reuse it; use a password manager to generate a unique password per site.
- Be alert for targeted phishing emails sent to the exposed email address that reference LinkedIn or your professional identity.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: LinkedIn Data Breach
- 117 million LinkedIn emails and passwords from a 2012 hack just got posted online | TechCrunch
- As Scope of 2012 Breach Expands, LinkedIn to Again Reset Passwords for Some Users – Krebs on Security
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →