According to Motherboard, and confirmed by LinkedIn, the data was stolen during a hack in 2012.
A hacker going by the handle “Peace” announced that the data has been posted for sale on the dark web. The database contains approximately 167 million accounts, 177 million of those contain both emails and passwords.
Everyone should be changing their passwords on a regular basis but not everyone does. If you haven’t changed your LinkedIn password since 2012 you’ll want to do it now.
If even if you’ve changed your LinkedIn password you may not be off the hook.
If you use the same combination of email and password as you did on LinkedIn in 2012 on any other websites you should change those as well. Hackers are very aware that many people have a habit of reusing the same login information over many websites so those website accounts could be at risk.
Good web security practice is to change all your passwords every 6 months.
How to change your LinkedIn Password
(You can see the date your password was last changed there as well)