While news of the LinkedIn data breach, which put over 167 million accounts at risk, has been spreading around the Internet, LinkedIn itself was rather quiet on the news until recently. Today the social network sent out an email to all users notifying them of the breach, and detailed its actions.

In its email, LinkedIn described the situation as such:

“On May 17, 2016, we became aware that data stolen from LinkedIn in 2012 was being made available online. This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. Thee were accounts created prior to the 2012 breach that had not reset their passwords since the breach.”

Users can try logging in to their accounts to see if they’re still available, or if a password reset is required; if it isn’t, though, changing your password up might still be a good idea. It’s also a good idea to check haveibeenpwned.com to see if your email address has been leaked in this or any other data breach.

In addition to invalidating any passwords set before the 2012 breach, LinkedIn is “using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts,” and is recommending users visit its Safety Center, enable two-step verification, and implement strong passwords. Speaking of passwords, the email suggests not only regularly changing one’s LinkedIn password, but also any similar passwords on other websites.

The email assures users that LinkedIn is working with law enforcement authorities, and has taken steps to provide stronger security than it had in 2012, such as using salted hashes to store passwords. As security is a constant arms race, where companies and attackers try to stay a step ahead of the other, one would hope that its security has gone through several improvements since 2012.

Still, while the announcement may have come a little later than users would prefer, it’s good that LinkedIn is taking steps to combat this incident, alert users, and promote strong security. The breach that the stolen information is from is several years old, so users who regularly change their accounts or haven’t been on LinkedIn before 2012 should be safe, but one can never be too safe when it comes to security.

Image via Wikimedia