LinkedIn Passwords Compromised, Company Suggests Changing Them

by Jordan Richardson on June 7, 2012

Professional social networking site LinkedIn has confirmed reports that some of its users’ passwords have been breached. There are claims that some 6.5 million passwords from LinkedIn have been uploaded to a Russian website.

The bad news comes just days after reports that LinkedIn’s iOS app was compromised and was collecting full meeting notes and details from a device’s calendar to send them back to the company in plain text.

The site responded to those reports and clarified improvements it would make, but the password breach really couldn’t have come at a worse time.

LinkedIn addressed the breach in a blog post, confirming that some passwords were indeed compromised and outlining the steps it was taking to handle the situation:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
  3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

According to reports, the passwords were uploaded to the Russian site in their encrypted form and without user names, which could indicate that the hacker’s goal was not to expose innocent individuals but to outline just how problematic LinkedIn’s security system really is.

The encryption used isn’t foolproof, though, and passwords can potentially be accessed by others with the right software tools. Some LinkedIn users were reported to have found “hashed” versions of their passwords. Unfortunately, the hacker’s “noble” deed is primed to backfire. Some hackers using the Russian site asked for assistance in cracking some of the “hashed” passwords, leading to reports that around 236,578 passwords had been busted wide open by Wednesday morning.

The obvious recommendation is for LinkedIn users to change their passwords. The site has published a blog post on best password practices as a reminder to users of how to keep their accounts from being compromised.

“One of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites,” LinkedIn product manager Vicente Silveira wrote in the posting.

Written by: Jordan Richardson. www.digitcom.ca.