Four years after being famously hacked, LinkedIn has admitted that data stolen in the 2012 hack is still being sold on data sharing websites, impacting 167 million customers. The data includes email addresses, hashed passwords, and member IDs.

In the original hack, only 6.5 million usernames and passwords were posted online, although it appears now that they had access to 167 million accounts.  

LinkedIn has said that is “actively engaging with law enforcement authorities”.

A new password hash dump analysis on the LinkedIn breach from password recovery Kore Logic has revealed that many use easily cracked login IDs. The most common are ‘123456’, ‘linkedin’ and ‘password’.

There have been reports that online groups have started to use the information to hack into high profile accounts including that of Twitter co-founder Biz Stone and Minecraft creator Markus “Notch” Persson.

Meanwhile, vulnerability in LinkedIn's change password feature may be causing even more headaches for users and LinkedIn itself, according to computer security site grahamcluley.com. This occurs when users have active sessions on two separate devices but only change the password on one.  

With thousands of users changing their passwords in the light of the recent breach, this could leave even more people vulnerable.