Almost 6.5 million LinkedIn passwords reportedly stolen

A huge blow for LinkedIn if the story breaking today is correct. A user in a Russian internet forum claims to have hacked the professional social network LinkedIn and stolen the account details of almost 6.5 million accounts.

According to reports the user has uploaded 6,458,020 hashed passwords, but as yet no usernames.

According to The Verge, it is not clear whether the Russian hacker has managed to download the usernames of LinkedIn users as well as the passwords.

So far all LinkedIn has said, via Twitter, is that its “team is currently looking into reports of stolen passwords. Stay tuned for more”.

It’s likely that both have been downloaded. There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. Many of the hashes include “linkedin,” which seems to add credence to the claims.

We spoke with Mikko Hypponen, Chief Research Officer at F-Secure, who thinks this is “a real collection.” He told us he is “guessing it’s some sort of exploit on their web interface, but there’s no way to know. I am sure LinkedIn will fill us in sooner or later.”

It’s worth noting that the passwords are stored as unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but is not foolproof. LinkedIn could have made the passwords more secure by ‘salting’ the hashes, which involves merging the hashed password with another combination and then hashing for a second time. Even so, unless your password is a dictionary word, or very simple, it will take some time to crack. We’ve reached out to LinkedIn to determine the accuracy of the claims, but in the meantime, we recommend changing your password just in case, The Verge reports.
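As an added illustration (not part of the original report, and not LinkedIn's code), the Python sketch below stores the same passwords two ways: as bare SHA-1, the scheme reported above, and with a random per-account salt. It goes one step beyond the salting mentioned in the report by feeding the salt into a slow key-derivation function; the account names, passwords, PBKDF2 choice and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor, chosen for this example
SALT_BYTES = 16

def unsalted_sha1(password):
    """Storage scheme reported in the article: bare SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Per-account random salt fed into a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt; compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_digests(records):
    """Return {digest: [accounts]} for digests stored for more than one account."""
    groups = {}
    for account, digest in records.items():
        groups.setdefault(digest, []).append(account)
    return {d: sorted(a) for d, a in groups.items() if len(a) > 1}

# Constructed sample accounts (not taken from the leaked list).
SAMPLE = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "x9!Lq-72vT"}

def compare_schemes():
    """Hash SAMPLE both ways and report which accounts share a stored digest."""
    unsalted = {a: unsalted_sha1(p) for a, p in SAMPLE.items()}
    salted = {a: hash_password(p) for a, p in SAMPLE.items()}
    salted_hex = {a: digest.hex() for a, (_, digest) in salted.items()}
    return shared_digests(unsalted), shared_digests(salted_hex), salted

if __name__ == "__main__":
    reused_unsalted, reused_salted, _ = compare_schemes()
    print("unsalted SHA-1, accounts sharing a digest:", list(reused_unsalted.values()))
    print("salted PBKDF2, accounts sharing a digest:", list(reused_salted.values()))
```

With bare SHA-1, every account that chose the same password carries the same digest, so a list of hashes reveals password reuse even without usernames; with a per-account salt, no two stored records match.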

 

If you haven’t already, it is probably time to change your LinkedIn password, and maybe use it as an opportunity to spruce up your LinkedIn account.