An hour ago, LinkedIn’s official Twitter account for news and updates (@LinkedInNews) posted a status update about the reported ‘stolen passwords’.
Our team is currently looking into reports of stolen passwords. Stay tuned for more.
— LinkedIn News (@LinkedInNews) June 6, 2012
This is indeed quite upsetting and alarming if the news is true, since there are currently 6.5 million LinkedIn users (or, more appropriately, ‘professionals’) who, together with their networks, are at risk! According to LifeHacker.com, one cause of the leak is LinkedIn’s mobile apps, which transmit personal data such as meeting notes and calendar info in plain text. LifeHacker also advised all LinkedIn users to change their passwords as soon as possible, even though the news is yet to be confirmed. Reports said that the leak was discovered after a package of encrypted passwords called “hashes” was posted on a Russian hacker site two days ago; obviously, it was posted there to seek cracking assistance from fellow hackers in that online community. Password expert and Evry consultant Per Thorsheim said:
“There is much to suggest that passwords are derived from LinkedIn, the great social network for professional users.” Thorsheim further told reporters: “Unfortunately, they are in a format that makes it relatively easy to break them.”
Apparently, one user tweeted about the alleged report, confirming that his hashed password was included in the package posted on the Russian site.
btw after getting the list of @linkedin hashes and hashing my old pwd with no salt there is a match for the hash in the list
— securityninja (@securityninja) June 6, 2012
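The self-check described in the tweet above, as an added example that is not part of the original post: an unsalted hash of a given password is always the same value, so finding it in a leaked list is a plain lookup, while a per-user salt with a slow key-derivation function removes that property. SHA-1, the sample passwords and all function names are assumptions made for illustration; the page does not name the hash algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample data: none of these values come from the real dump.
SAMPLE_PASSWORDS = ["linkedin2012", "Summer!2011", "correct horse battery"]


def unsalted_hash(password):
    """Unsalted digest: the same password always yields the same hex string."""
    # Assumption: SHA-1 (the page does not say which algorithm was used).
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_leak(lines):
    """Normalise a dump of one hex digest per line into a set for fast lookup."""
    return {ln.strip().lower() for ln in lines if ln.strip()}


def in_leak(password, leak):
    """The self-check from the tweet: hash your own password, look for a match."""
    return unsalted_hash(password) in leak


def salted_record(password, salt=None, rounds=200_000):
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, rounds, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, digest)


# Constructed "leak": upper-case digests with newlines, as a text dump might hold.
LEAK = load_leak(unsalted_hash(p).upper() + "\n" for p in SAMPLE_PASSWORDS)

if __name__ == "__main__":
    print("old password found in leak:", in_leak("linkedin2012", LEAK))
    first, second = salted_record("linkedin2012"), salted_record("linkedin2012")
    # Same password, different salts: the stored digests do not match each other,
    # so a single precomputed hash cannot be looked up across all users.
    print("salted digests identical:", first[2] == second[2])
    print("login still verifies:", verify("linkedin2012", first))
```
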
Last modified: June 6, 2012