LinkedIn breached, suggests changing passwords

Written by JC Pulido III. Posted in News, Software and Apps


Published on June 07, 2012

Add another social networking site to the long list of sites that have been compromised. A user on a Russian forum has released almost 6.5 million account details, which include hashed LinkedIn passwords. While no usernames were included in the post, it is assumed that these were taken as well.

While the passwords are hashed using SHA-1, a secure algorithm, these are unsalted hashes. Salting means merging a separate value (the salt) with the password when it is hashed, rather than storing the plain unsalted hash. This adds another layer of security, so a determined hacker needs more time to crack the hashed passwords.
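The difference between unsalted and salted storage, as an added example that is not from the article or from LinkedIn: identical passwords produce identical unsalted SHA-1 values, while a per-user random salt makes every stored record distinct. The account names, passwords, and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from the leaked data).
ACCOUNTS = [("alice", "linkedin2012"), ("bob", "linkedin2012"), ("carol", "S3parate!pass")]

def unsalted_sha1(password):
    """Scheme described in the article: bare SHA-1 of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def salted_record(password, salt=None, iterations=200_000):
    """Assumed alternative: per-user random salt fed into a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # The salt is not secret; it is stored next to the digest.
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

def shared_values(stored):
    """Count stored values that belong to more than one account."""
    return sum(1 for n in Counter(stored).values() if n > 1)

def compare_schemes(accounts=ACCOUNTS):
    unsalted = [unsalted_sha1(pw) for _, pw in accounts]
    salted = [salted_record(pw) for _, pw in accounts]
    return {
        # alice and bob collide: one recovered password exposes both accounts.
        "unsalted_shared": shared_values(unsalted),
        # Random salts make every record unique, even for equal passwords.
        "salted_shared": shared_values([r["digest"] for r in salted]),
        "salted_records": salted,
    }

if __name__ == "__main__":
    result = compare_schemes()
    print("unsalted values shared between accounts:", result["unsalted_shared"])
    print("salted values shared between accounts:  ", result["salted_shared"])
    print("alice verifies:", verify("linkedin2012", result["salted_records"][0]))
```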

LinkedIn, which is a social site designed for professionals, has already responded through Twitter:

A few hours after the first post on Twitter, LinkedIn confirmed on their blog that some of the compromised passwords did correspond to LinkedIn accounts.

LinkedIn has made these efforts for those compromised accounts:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
  3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

The company has also announced on their blog that steps have already been taken to increase the security of their users.

If you have a LinkedIn account, it’s better to be safe than sorry and change your password for the site. While you’re at it, choose a strong password as well. And if you used your LinkedIn password on other sites, change those as well.

Sources: BBC, The Verge, Twitter, Slashdot, LinkedIn, LinkedIn (2), Cnet