6.5 million LinkedIn passwords reportedly leaked on Russian hacker site
(CBS News) LinkedIn is investigating reports that 6.5 million passwords have been leaked on a Russian hacker site.
"Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred," the LinkedIn team posted on Twitter Wednesday.
LinkedIn is a professional social networking site, where users can post their resumes and connect with colleagues or industry contacts.
According to The Verge, a user on a Russian forum claimed responsibility for the hack. The alleged hacker uploaded passwords, but not usernames. While there is still speculation over whether or not the hack is a hoax, some people have reported via Twitter their passwords have been posted.
The BBC consulted security researcher Graham Cluley on the authenticity of the reports of the hack.
"We've confirmed there are LinkedIn passwords in the data," Cluley told the BBC. "We did this by searching through the data for (hashed) passwords that we at Sophos use only on LinkedIn. We found those passwords in the data. We also saw that hundreds of the passwords contain the word 'Linkedin.'"
Several sources are reporting that the passwords are not encrypted using a method called "salting," which would make the text nearly impossible to interpret.
LinkedIn has about 150 million members. Users are encouraged to change their passwords immediately as a precaution.
