Millions of LinkedIn passwords reportedly leaked online

siljaline · Jun 6, 2012

A hacker says he's posted 6.5 million LinkedIn passwords on the Web -- hot on the heels of security researchers' warnings about privacy issues with LinkedIn's iOS app. LinkedIn users could be facing yet another security problem.

A user in a Russian forum says that he has hacked and uploaded almost 6.5 million LinkedIn passwords, according to The Verge. Though his claim has yet to be confirmed, Twitter users are already reporting that they've found their hashed LinkedIn passwords on the list, security expert Per Thorsheim said.

LinkedIn revealed through its own tweet that it's looking into reports of stolen passwords, and it advised users to stay tuned for more information.

Many of the hashes include the word "linkedin," which The Verge believes lends credibility to the reports.
Click to expand...

Article

ronjor · Jun 6, 2012

Why LinkedIn's Password Leak Endangers Security Across The Web

Christopher Mims

Using the same password over and over again, across many sites, is extremely common. We're not sure how common — estimates range between 10 percent and 50 percent of all passwords are re-used — but I would be shocked if more than a small portion of LinkedIn users hadn't re-used their LinkedIn password at least once.

Which means, in the wake of the release of 6.46 million hashed (encrypted) LinkedIn passwords, Google probably has thousands of new breaches of Gmail to look forward to. Password re-use is by far the easiest way to breach accounts on otherwise secure sites. (Email addresses aren't hard to track down, and trying a password harvested from elsewhere can be automated.)
Click to expand...

https://www.technologyreview.com/view/428105/why-linkedins-password-leak-endangers-security

Cudni · Jun 6, 2012

Just in case, I would change the password unless sufficiently complex already

siljaline · Jun 6, 2012

A password reset is (recommended) easily done. http://www.linkedin.com/passwordReset

Cudni said:

Just in case, I would change the password unless sufficiently complex already
Click to expand...

ronjor · Jun 6, 2012

An Update on LinkedIn Member Passwords Compromised

Vicente Silveira, June 6, 2012

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
Click to expand...

http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

Rmus · Jun 6, 2012

Wouldn't the LinkedIn account also require a user name to get in?

----
rich

Technical · Jun 6, 2012

Rmus said:

Wouldn't the LinkedIn account also require a user name to get in?
Click to expand...

It's an email address of the user

EncryptedBytes · Jun 6, 2012

I had the privilege to see the leaked data as it hit some hacking circles earlier in the morning. You will be happy to know Linkedin doesnt salt or use any key derivation function techniques on your passwords.

I did a simple grep look up this morning to see if my SHA hashed value was one of the compromised ones, it appears not to be, however I would still change your passwords regardless of their complexity.

siljaline · Jun 6, 2012

Normal LinkedIn account login would be email & password. Most I know have changed their passwords.

Rmus said:

Wouldn't the LinkedIn account also require a user name to get in?
----
rich
Click to expand...

NGRhodes · Jun 7, 2012

LinkedIn confirms "some" members passwords compromised

LinkedIn said:

We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts
Click to expand...

LinkedIn said:

1.Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid
Click to expand...

http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

stapp · Jun 7, 2012

Looks like Last.fm may have gotten hacked as well

http://arstechnica.com/security/2012/06/another-hack-last-fm-warns-users-to-change-their-passwords/

Thankful · Jun 7, 2012

A LinkedIn leak lesson: top 30 dumb passwords people still use:
http://redtape.msnbc.msn.com/_news/...n-top-30-dumb-passwords-people-still-use?lite

JRViejo · Jun 8, 2012

In a somewhat confusingly worded blog post, LinkedIn director Vicente Silveira this afternoon said that LinkedIn had "learned" about 6.5 million passwords being posted on a hacker site, but then neither confirmed nor denied that number.

Instead, he merely noted that most of the passwords on the list appeared to remain hashed and hard to decode. "But unfortunately a small subset of the hashed passwords was decoded and published," Silveira said.
Click to expand...

LinkedIn provides breach update -- sort of by Jaikumar Vijayan.

EncryptedBytes · Jun 8, 2012

Instead, he merely noted that most of the passwords on the list appeared to remain hashed and hard to decode... Silveira said.
Click to expand...

In my professional opinion, Na Uh! Maybe if they bothered to do more than simply hash the passwords only.

Log in or Sign up

Millions of LinkedIn passwords reportedly leaked online

siljaline Registered Member

ronjor Global Moderator

Cudni Global Moderator

siljaline Registered Member

ronjor Global Moderator

Rmus Exploit Analyst

Technical Registered Member

EncryptedBytes Registered Member

siljaline Registered Member

NGRhodes Registered Member

stapp Global Moderator

Thankful Savings Monitor

JRViejo Super Moderator

EncryptedBytes Registered Member

Log in or Sign up

Millions of LinkedIn passwords reportedly leaked online

siljaline Registered Member

ronjor Global Moderator

Cudni Global Moderator

siljaline Registered Member

ronjor Global Moderator

Rmus Exploit Analyst

Technical Registered Member

EncryptedBytes Registered Member

siljaline Registered Member

NGRhodes Registered Member

stapp Global Moderator

Thankful Savings Monitor

JRViejo Super Moderator

EncryptedBytes Registered Member

Useful Searches