Printed from http://www.electronista.com

Report: 6.5 million LinkedIn passwords stolen [U]

updated 04:46 pm EDT, Wed June 6, 2012

Encrypted passwords reportedly posted to Russian hacker sites

(Updated with breach confirmation from LinkedIn) Wednesday brings reports of further security woes for LinkedIn, as Norwegian site Dagens IT carries a warning that 6.5 million encrypted passwords from the professional networking site have been posted to a Russian hacker forum. The passwords are said to be in an easily crackable encryption format, and the files posted to the hacker site may contain user data as well. LinkedIn is looking into the problem, but the company is unable to confirm the breach as of yet.

The leaked passwords are said to be "hashed": that is, run through a one-way algorithm that turns a block of data into a fixed-size bit string such that any change to the data will also change the hash value. The problem with passwords that are only hashed is that identical passwords produce identical hashes, so if two users both have the password "P@$$w0rd," then cracking one means that the other is cracked as well. Security experts have reportedly been castigating LinkedIn for failing to "salt" its passwords, that is, to add another layer of security by mixing a random piece of information into each password before it is hashed.
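To make the difference concrete, the following added example (not code from the article or from LinkedIn) stores the same constructed accounts twice: once with a bare hash and once with a per-user random salt. The user names, the helper names, and the choice of SHA-256 and PBKDF2 are assumptions made for illustration; the article does not say which algorithm LinkedIn used.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not data from the breach).
USERS = {"alice": "P@$$w0rd", "bob": "P@$$w0rd", "carol": "pwqeqe123493"}

def unsalted_hash(password: str) -> str:
    # Assumption: SHA-256 stands in for whatever unsalted hash a site uses.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password: str, iterations: int = 200_000) -> dict:
    # A fresh random salt per user, fed through a deliberately slow KDF.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record: dict) -> bool:
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

def shared_hash_groups(table: dict) -> list:
    # Return the groups of users whose stored values are identical.
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users: dict):
    # Build both storage schemes from the same plaintext accounts.
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: salted_record(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables(USERS)
    salted_digests = {u: r["digest"] for u, r in salted.items()}
    print("unsalted duplicates:", shared_hash_groups(unsalted))
    print("salted duplicates:  ", shared_hash_groups(salted_digests))
    print("alice still verifies:", verify("P@$$w0rd", salted["alice"]))
```

In the unsalted table the two accounts sharing a password are visible as a group before anything is cracked; in the salted table every record is distinct, yet each user's login still verifies against their own salt.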

LinkedIn has yet to confirm the security breach, though the company has announced in two tweets over the past few hours that it is looking into the problem. Other outlets are advising that users change passwords for their LinkedIn profile, as it is unknown exactly which users may be affected by the breach.

Should reports of the breach prove true, it would mark the second security risk for the site to emerge today. Earlier, researchers discovered that a feature in the LinkedIn mobile app for iOS gathers and transmits back unsecured data from users' calendar apps.

Update: In a post this afternoon on the LinkedIn Blog, the company confirmed that some LinkedIn account passwords had been compromised. LinkedIn has deactivated the passwords for affected accounts and sent out an email for the owners of those accounts to reset their passwords. LinkedIn's customer support team will send out a second email to affected users that will provide further information on the security breach.

Further, LinkedIn noted that the site has recently implemented improved security protocols. Passwords for LinkedIn accounts are now encrypted in a manner that includes both hashing and salting.









By Electronista Staff

Comments

  1. azrich

    Fresh-Faced Recruit

    Joined: Apr 2010

    0

    OMG!

    This is crazy, I can not $%^&* believe this. What is going on in the frickin' world...

    I mean, how does a hole like LinkedIn have over 6.5 million subscribers... Jeez

    Sorry, I thought that was funny enough to share. As for the article, they should really do something about that.

  1. qazwart

    Fresh-Faced Recruit

    Joined: Apr 2001

    +6

    LinkedIn Passwords aren't the issue

    Cracking the passwords means they're going to do a dictionary attack against the file. If your password is "password" or "pa55w0rd", they will discover your password. If your password was "pwqeqe123493", they won't. Others will be somewhere in between.

    However, it isn't your LinkedIn account you should be worried about: it's all your OTHER accounts that use the same password. I might use "53cr3t5auc3" for not only my LinkedIn account, but my Gmail account, and my bank account. Changing your LinkedIn password isn't enough. You need to change ALL of your accounts that used a similar password.

  1. climacs

    Dedicated MacNNer

    Joined: Sep 2001

    +3

    qazwart has it right

    these days, when we all have so many passwords for everything from bank accounts to some website forum where an account was created to ask a question that one time five years ago... you're a fool to use the same password for everything. Even companies that should know better (LinkedIn, Sony) get hacked and have shockingly poor security procedures to protect your info.
