Millions of LinkedIn passwords “LeakedIn” online
The social networking website LinkedIn is investigating claims that over 6.4 million of its users’ passwords have been leaked onto the internet.
The service – which has over 150 million users – is designed to allow professionals to share resume details and network with one another.
Hackers have reportedly posted a file containing encrypted passwords onto a Russian web forum.
LinkedIn says it is currently looking into the reports.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation,” LinkedIn’s Vicente Silveira said in a blog post.
Mr Silveira said passwords on the compromised accounts were no longer valid, and that those members will receive instructions on how to reset their passwords.
“There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email,” he said.
For other members, LinkedIn has implemented “enhanced security” for password protection, he added.
Graham Cluley of the British security firm Sophos said the hacker posting “does contain, at least in part, LinkedIn passwords”.
“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” Mr Cluley said in a blog post.
As a result, Mr Cluley said, “it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step”.
We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.
We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.
thank god for that..i am sick of getting email requests from people i dont know who are on LinkedIn..looks like they leaked out..this might stop the spam..