LinkedIn Security Breach:
Just yesterday, LinkedIn said that it was investigating a probable data breach, and some reports suggest that over 6.4 million passwords were stolen. Many security researchers reported the breach and traced it to a Russian hacker forum. Apparently, the hacker could crack many of the passwords using simple resources in a short period of time.
“Our team is currently looking into reports of stolen passwords. Stay tuned for more” was LinkedIn’s first tweet on this issue.
They later confirmed the news in a blog post:
We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.
We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.
Graham Cluley, a British computer programmer and security/technology consultant, said that the posting on the forum contains, in some parts, LinkedIn passwords. He advised the 160 million users to change their passwords.
Meanwhile, LinkedIn has sent its user base an email advising them to change their passwords. They have disabled LinkedIn accounts until then.