Printed from

Report: 6.5 million LinkedIn passwords stolen [U]

updated 04:46 pm EDT, Wed June 6, 2012

Encrypted passwords reportedly posted to Russian hacker sites

(Updated with breach confirmation from LinkedIn) Wednesday brings reports of further security woes for LinkedIn, as Norwegian site Dagens IT carries a warning that 6.5 million encrypted passwords from the professional networking site have been posted to a Russian hacker forum. The passwords are said to be in an easily-crackable encryption format, and the files posted to the hacker site may contain user data as well. LinkedIn is looking into the problem, but the company is unable to confirm the breach as of yet.

The leaked passwords are said to be "hashed,": that is, encrypted with an algorithm that turns a block of data into a fixed-size bit string such that any change to the data will also change the hash value. The problem with hashed passwords is that identical passwords will be encrypted in an identical manner; so if two users both have the password "P@$$w0rd," then cracking one means that the other is cracked as well. Security experts have reportedly been castigating LinkedIn for failing to "salt" -- add another layer of security by inserting random pieces of information into the hash -- its passwords.

LinkedIn has yet to confirm the security breach, though the company has announced in two tweets over the past few hours that it is looking into the problem. Other outlets are advising that users change passwords for their LinkedIn profile, as it is unknown exactly which users may be affected by the breach.

Should reports of the breach prove true, it would mark the second security risk for the site to emerge today. Earlier, researchers discovered that a feature in the LinkedIn mobile app for iOS gathers and transmits back unsecured data from users' calendar apps.

Update: In a post this afternoon on the LinkedIn Blog, the company confirmed that some LinkedIn account passwords had been compromised. LinkedIn has deactivated the passwords for affected accounts and sent out an email for the owners of those accounts to reset their passwords. LinkedIn's customer support team will send out a second email to affected users that will provide further information on the security breach.

Further, LinkedIn noted that the site has recently implemented improved security protocols. Passwords for LinkedIn accounts are now encrypted in a manner that includes both hashing and salting.

By Electronista Staff
Post tools:




  1. azrich

    Fresh-Faced Recruit

    Joined: Apr 2010



    This is crazy, I can not $%^&* believe this. What is going on in the frickin' world...

    I mean, How does a hole like Linkedin have over 6.5 million subscribers... Jeez

    Sorry, I thought that was funny enough to share. As for the article, they should really do something about that.

  1. qazwart

    Fresh-Faced Recruit

    Joined: Apr 2001


    LinkedIn Passwords aren't the issue

    Cracking the passwords means they're going to do a dictionary attack against the file. If your password is "password" or "pa55w0rd", they will discover your password. If your password was "pwqeqe123493", they won't. Others will be somewhere in between.

    However, it isn't your Linkedin account you should be worried about: It's all your OTHER accounts that use the same password. I might use "53cr3t5auc3" for not only my LinkedIn account, but my Gmail account, and my bank account. Changing your LinkedIn password isn't enough. You need to change ALL of your accounts that used a similar password.

  1. climacs

    Mac Enthusiast

    Joined: Sep 2001


    qazwart has it right

    these days, when we all have so many passwords for everything from bank accounts to some website forum where an account was created to ask a question that one time five years ago... you're a fool to use the same password for everything. Even companies that should know better (LinkedIn, Sony) get hacked and have shockingly poor security procedures to protect your info.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...



Most Commented


Popular News