6.5 million LinkedIn passwords reportedly leaked online

Posted: June 6, 2012 in Analysis

LinkedIn users could be facing yet another security problem.

A user in a Russian forum says that he has hacked and uploaded almost 6.5 million LinkedIn passwords, according to a story in The Verge. Though his claim has yet to be confirmed, Twitter users are already reporting that they’ve found their hashed LinkedIn passwords on the list, security expert Per Thorsheim said.

LinkedIn revealed through its own tweet that it’s looking into reports of stolen passwords, and it advised users to stay tuned for more information.

Many of the hashes include the word “linkedin,” which The Verge believes lends credibility to the reports.

The report of the leaked passwords comes hard on the heels of word from security researchers that LinkedIn’s iOS app is collecting information from calendar entries — including passwords — and transmitting it back to the company’s servers without users’ knowledge.

LinkedIn passwords are hashed using an algorithm known as SHA-1, which is considered very secure. Complex passwords will likely take some time to crack, but simple ones may be at risk.

Sophos security expert Graham Cluley is advising LinkedIn users to change their passwords as soon as possible, at least as a precaution. If the report is true, then hackers are undoubtedly working hard to crack the hashed but unsalted passwords.

“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” Cluley added.
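Why unsalted SHA-1 leaves simple passwords exposed, shown as an added example that is not part of the original article: without a salt, every account using the same password stores the same digest, so one guess resolves all of them, while a per-user salt and a slow key-derivation function remove that shortcut. The account names, passwords and iteration count below are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional, Tuple

# Constructed sample accounts (not taken from any leaked list).
ACCOUNTS = {
    "alice": "linkedin123",
    "bob": "linkedin123",        # same simple password as alice
    "carol": "T7#vq9!mZp_wL2",
}
ITERATIONS = 200_000  # assumed work factor for this illustration


def unsalted_sha1(password: str) -> str:
    """Weak storage: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def shared_digests(records) -> int:
    """Count stored values that appear for more than one account."""
    return sum(1 for n in Counter(records).values() if n > 1)


def demo() -> Tuple[int, int]:
    weak = [unsalted_sha1(p) for p in ACCOUNTS.values()]
    strong = [salted_hash(p)[1] for p in ACCOUNTS.values()]
    # Unsalted: alice and bob collide. Salted: every stored value is unique.
    return shared_digests(weak), shared_digests(strong)


if __name__ == "__main__":
    print("shared digests (unsalted, salted):", demo())
```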

To change your LinkedIn password, log onto your account. Click on your name in the upper right corner and then click on the link for Settings. In the Settings section, click on the Change link next to Password. You’ll be prompted to enter your old password and then create a new one. Aim to pick a complex password that’s not easy to decipher. Then click on the Change Password button.

CNET contacted LinkedIn for further details and will update the story when we get more information.

Originally posted at Security & Privacy
