6.46 Million Hashed LinkedIn Passwords Stolen; Hackers Trying to Decrypt Them
By on June 6th, 2012

[Update 2]

LinkedIn has confirmed the security breach. Read the full story here.

[Update] 

LinkedIn Director, Vicente Silveira, has posted a blog post on how users can update their password on LinkedIn along with some recommended account security and privacy tips. The update also indicates that LinkedIn’s “security team continues to investigate this morning’s reports of stolen passwords. At this time, we’re still unable to confirm that any security breach has occurred.”

[Original]

Yet another security problem that LinkedIn users could face. A user in a Russian forum claims to have hacked into LinkedIn, and has leaked a 118 MB hash file containing passwords of more than 6.4 million LinkedIn users. The user uploaded the file on the Russian forum and his fellow mates are trying to decrypt the hash file.

LinkedIn posted an update on Twitter stating that its team is looking into reports of stolen passwords, however, they haven’t confirmed any security breach yet. It is said that there is a possibility that this could be a hoax, however, according to The Verge, several LinkedIn users have said on Twitter that they found their real LinkedIn passwords as hashes on the list.

Linkedin Twitter Updates

Sophos, a security research company, has confirmed that the hash file contains valid LinkedIn passwords, however, the LinkedIn team is still figuring out if there was a security breach or not. The Russian hacker has uploaded over 6,458,020 hashed passwords, but no usernames are found. It is unclear if the hacker has also managed to obtain usernames, but it’s likely that he might have managed to obtain them.

According to CNET, “LinkedIn passwords are encrypted using an algorithm known as SHA-1, which is considered very secure. Complex passwords will likely take some time to decrypt, but simple ones may be at risk.”

According to LinkedIn’s latest tweet, “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here”, shows that the social network has not found any evidence as such. It could also mean that the Russian hacker and the other hackers were mistaken that the hashes were LinkedIn passwords.

LinkedIn currently has over 150 million users. Although 6 million is a small number of users, however, it still is unacceptable that such a security breach has taken place. This is a developing story, and we will update this post when more information is available.

As a precautionary measure, it is recommended that all LinkedIn users change their password immediately.  If you’ve been using the same password on other websites, then it is highly recommended that you change them too.

Tags:
Author: Joel Fernandes Google Profile for Joel Fernandes
Joel Fernandes (G+) is a tech enthusiast and a social media blogger. During his leisure time, he enjoys taking photographs, and photography is one of his most loved hobbies. You can find some of his photos on Flickr. He does a little of web coding, and maintains a tech blog of his own - Techo Latte. Joel is currently pursuing his Masters in Computer Application from Bangalore, India. You can get in touch with him on Twitter - @joelfernandes, or visit his Facebook Profile for more information.

Joel Fernandes has written and can be contacted at joel@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN