LinkedIn says accounts stolen in 2012 have resurfaced online
LinkedIn said Wednesday that more than 100 million email addresses and passwords from its users, stolen by hackers in 2012, had resurfaced online this week.
Perhaps the greatest remaining threat is what are known as password-reuse attacks, since people often use the same password to sign into different accounts.
Tod Beardsley, the security research manager at Rapid7, said the emails themselves — a vast database of contact information for working professionals — might be the real value.
LeakedSource, a search engine for data leaked in breaches, said it had obtained the entire database from a party it would not name.
Though the passwords were hashed — a form of protection that involves transforming each password with a mathematical formula so that the stored value does not include the plain text — LeakedSource said it was able to crack about 90 percent of them in a matter of days.
In 2012, LinkedIn announced that it was taking additional steps to secure its passwords that would, in theory, make them far harder to crack in any future data breach.
“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” wrote Cory Scott, LinkedIn’s chief information security officer, in a post.