LinkedIn has confirmed the security breach. Read the full story here.
LinkedIn Director, Vicente Silveira, has posted a blog post on how users can update their password on LinkedIn along with some recommended account security and privacy tips. The update also indicates that LinkedIn’s “security team continues to investigate this morning’s reports of stolen passwords. At this time, we’re still unable to confirm that any security breach has occurred.”
LinkedIn users may be facing yet another security problem. A user on a Russian forum claims to have hacked into LinkedIn and has leaked a 118 MB hash file containing the passwords of more than 6.4 million LinkedIn users. The user uploaded the file to the forum, and other forum members are trying to crack the hashes.
LinkedIn posted an update on Twitter stating that its team is looking into reports of stolen passwords, but it has not confirmed any security breach yet. There is a possibility that this could be a hoax; however, according to The Verge, several LinkedIn users have said on Twitter that they found their real LinkedIn passwords as hashes on the list.
Sophos, a security research company, has confirmed that the hash file contains valid LinkedIn passwords; however, the LinkedIn team is still working out whether there was a security breach. The Russian hacker has uploaded over 6,458,020 hashed passwords, but the file contains no usernames. It is unclear whether the hacker has also obtained usernames, but it is likely that he has.
According to CNET, “LinkedIn passwords are encrypted using an algorithm known as SHA-1, which is considered very secure. Complex passwords will likely take some time to decrypt, but simple ones may be at risk.”
LinkedIn’s latest tweet, “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here”, shows that the social network has not found any evidence of a breach so far. It could also mean that the Russian hacker and the other hackers were mistaken in believing that the hashes were LinkedIn passwords.
LinkedIn currently has over 150 million users. Although 6 million is a small share of those users, it is still unacceptable that such a security breach has taken place. This is a developing story, and we will update this post when more information is available.
As a precautionary measure, it is recommended that all LinkedIn users change their password immediately. If you’ve been using the same password on other websites, it is highly recommended that you change it there too.
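Users were able to recognise their own passwords in a list that carries no usernames because a plain SHA-1 hash of a given password is always the same value. The following is an added example, not code from LinkedIn or from the original post: it checks a password against a hash list locally and contrasts that with salted, slow hashing. It assumes the dump holds one unsalted SHA-1 hex digest per line, which the post does not state; the function names and sample dump are constructed for illustration.

```python
import hashlib
import hmac
import os

HEX = set("0123456789abcdef")

def sha1_hex(password: str) -> str:
    """Plain SHA-1 of the password, as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_hashes(lines):
    """Read a dump with one hash per line, skipping blank or malformed lines."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            hashes.add(h)
    return hashes

def password_in_dump(password: str, hashes) -> bool:
    """Hash locally and compare; the password never leaves this machine."""
    return sha1_hex(password) in hashes

def salted_record(password: str, iterations: int = 100_000):
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

# Constructed sample dump (not data from the leaked file).
SAMPLE_DUMP = [
    "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8\n",  # SHA-1 of "password"
    sha1_hex("linkedin2012") + "\n",
    "not-a-hash\n",                                 # malformed line, ignored
    "\n",
]

if __name__ == "__main__":
    dump = load_hashes(SAMPLE_DUMP)
    print(password_in_dump("password", dump))
    print(password_in_dump("a long unrelated passphrase", dump))
    a, b = salted_record("password"), salted_record("password")
    print(a[2] != b[2], verify_salted("password", a))
```

With per-user salts, two accounts that share a password store different digests, so a published list cannot be matched by hashing a guess once.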