Millions of LinkedIn passwords reportedly leaked

by certifiedbug on June 6, 2012

in Internet Security

It is being widely reported that 6.5 million hashed LinkedIn passwords were dumped onto a Russian hacker forum.

“Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.”
http://nakedsecurity.sophos.com/2012/06/06/millions-of-linkedin-passwords-reportedly-leaked-take-action-now/

More than 200,000 of these passwords have reportedly been cracked so far. The file only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data, security researchers say. However, the breach is so serious that security professionals are advising people to change their LinkedIn passwords immediately.

http://www.pcworld.com/article/257045/65m_linkedin_passwords_posted_online_after_apparent_hack.html

If you use this service, change your LinkedIn password immediately, make it strong, and use a different password at every site.

http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Bad week for LinkedIn.

LinkedOut – A LinkedIn Privacy Issue

LinkedIn’s mobile application has an interesting feature that allows users to view their iOS calendars within the app. However, it turns out that LinkedIn have decided to send detailed calendar entries of users to their servers. The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and, more importantly, personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcodes. If you have decided to opt in to this calendar feature in iPhone, LinkedIn will automatically receive your calendar entries and will continue doing so every time you open your LinkedIn app.

http://blog.skycure.com/2012/06/linkedout-linkedin-privacy-issue.html

Update

An Update on LinkedIn Member Passwords Compromised
Vicente Silveira, June 6, 2012

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.

3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/
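
The difference between the unsalted SHA-1 digests in the leaked file and the "hashing and salting" described in the update, as an added example (not code from LinkedIn or from this post). The `pbkdf2$...` record format, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration; the update does not say which salted scheme LinkedIn adopted.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Per-user random salt plus a slow KDF; record format is hypothetical."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> Tuple[bool, str]:
    """Check a login and return (ok, record_to_store).

    A legacy unsalted record that verifies is replaced by a salted one,
    so the weak digest is retired the next time the member logs in.
    """
    if stored.startswith("pbkdf2$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    ok = hmac.compare_digest(legacy_sha1(password), stored)
    return ok, (salted_hash(password) if ok else stored)


if __name__ == "__main__":
    pw = "constructed-sample-password"  # constructed value, not from the leak
    # Two members with the same password: identical under unsalted SHA-1,
    # different once each record carries its own random salt.
    print(legacy_sha1(pw) == legacy_sha1(pw))   # True
    print(salted_hash(pw) == salted_hash(pw))   # False
    ok, upgraded = verify(pw, legacy_sha1(pw))
    print(ok, upgraded.split("$")[0])           # True pbkdf2
```

With unsalted digests, every account sharing a password shares a digest, so one recovered password exposes all of them; the per-record salt removes that property and the iteration count raises the cost of each guess.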
