Tech Talk

By Chenda Ngak / CBS News / June 6, 2012, 4:12 PM

LinkedIn confirms password leak, encourages users to update passwords

(CBS News) Following reports that 6.5 million LinkedIn passwords were leaked on a Russian hacker site, the company confirmed Wednesday that "some of the passwords that were compromised correspond to LinkedIn accounts." 

LinkedIn is a professional social networking site, where users can post their resumes and connect with colleagues or industry contacts.

Vicente Silveira, director at LinkedIn, said in a blog post, "We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts."

Those next steps for LinkedIn members so far include:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.

3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

According to The Verge, a user on a Russian forum claimed responsibility for the hack. The alleged hacker uploaded passwords, but not usernames. While there are still few details about the hack, some people have reported via Twitter that their passwords have been posted.

The company previously encouraged users to update their passwords, just ahead of confirming there had been a security breach.

© 2012 CBS Interactive Inc. All Rights Reserved.
13 Comments
kiichi.takeuchi says:
You can check your password here:
Was my LinkedIn password compromised?
http://blog.objectgraph.com/linkedin/
peetrerb says:
Time for an IPO issue!
safegadget says:
It is kind of ironic sending out security tips on a site that's been compromised! This is horrible. A public company can't keep their password database secure?! We have to basically assume that many highly trafficked sites will be attacked and some compromised in the future. Pretty depressing. It is imperative that everyone use a unique strong password on each site. A password manager is basically mandatory. I wrote a blog post that covers this password area. I wish more regular users would follow some of my free tips.

http://www.safegadget.com/34/how-to-create-store-and-use-secure-passwords/
dgilluly says:
To the people thinking this is a 'minor' threat. A lot of damage can be done through social networks, mainly to start a wide 'social engineering' attack. Also many users use the same password for all of their social networking accounts, and some use the same password for everything including banking. So I'd say that this is more than a 'minor' threat. Though hopefully LinkedIn will learn and change their password encryption to something more secure.
HenriKoppen says:
6.5 million **UNIQUE** LinkedIn passwords were leaked. Quite a bit of users will have the same password (like: 012356 or passw0rd or obama2102).

This is done because someone had access to the database! Also, the passwords are from some time ago (year+). This means they are already in for some time.

This is bad:
A) LinkedIn still has no clue and never knew it was hacked
B) Passwords are weakly encrypted. For a billion dollar company this is bad practice
C) Users use passwords for more than one service, so damage is more than just contact information
Rajamanickam_A says:
I would like to know whether changing the password will help to keep the LinkedIn account safe. The hackers may get the new password too, right?
Anyway, if you need to know the steps for changing the password for the LinkedIn account, you can watch this video: http://www.youtube.com/watch?v=y9KGpS863IE
tmittelstaed says:
I just heard of this and changed the password on my "ripper" username on LinkedIn to 23456789....Oh damn! :-)

Seriously, jokes aside, some users are indeed stupid enough to make a post like this on an open forum.
iit_delhi replies:
My pw was also hacked... God save us from the Russian hackers... is this a cold war against the USA?
http://joblagao.com/blog/linkedin-password-chori-ho-gaya/
DumbOkie says:
I'm sorry, but who the h*** cares? How can the hackers get any money? I mean, seriously, they have the passwords, but no user names. What are they going to do? Try to figure out a username, then test 6.5 MILLION potential passwords...so they can link to weird people or change my profile to make me a circus highwire artist??????

New meaning for ***: Why The Fuss?????
20sumtin replies:
Uhm... when a hacker gets into an account of one of your contacts, he could possibly post a message regarding security breaches in banks or what not and also post a link to change your details... by doing this, he is more likely to get you to comply as this is posted under a reliable contact of yours... and that's just one example...
tmittelstaed replies:
The issue is that if he has the 6.5 million passwords he obviously has the usernames also - he just didn't post them. You wanna trust that he isn't going to release the usernames in the future someday?
MoniqueCloutier says:
My friend Kim from JustAskKim.com just emailed me as her subscriber to alert me of this security breach.

I followed Kim's advice prompted by this breaking news story and changed my login details including my password on LinkedIn.

@MoniqueCloutier