Wednesday, 06 June 2012 11:16

Hackers Claim to Have Stolen As Many as Six Million LinkedIn Account Passwords


Just when you thought it was safe to go back in the web waters… It seems that some enterprising hacking group (as of right now not associated with Anonymous) has decided to break into LinkedIn and grab some passwords. According to reports, the data is still in encrypted format, but the group that grabbed it is looking for help decrypting it.

According to reports, the group posted the encrypted information to a Russian forum and has been asking the rest of the hacking community to help break the encryption, which will expose as many as six million user passwords.
So far LinkedIn has not commented on the breach, but they are checking into the reports. Security firm Sophos has looked at the data and claims that there are LinkedIn passwords in the dump: “We did this by searching through the data for (hashed) passwords that we at Sophos use only on LinkedIn. We found those passwords in the data. We also saw that hundreds of the passwords contain the word 'Linkedin'.”

This is not the first issue that LinkedIn has had recently, though. They are just getting past a privacy issue with their mobile app that included sending unencrypted calendar entries (including notes containing dial-in numbers, etc.) to the service. Many have forgone the use of LinkedIn on mobile devices simply because of the level of access it “requires” to function, such as calendar and contact access.


This is a growing trend with mobile apps, though, as they seek to gather data about users in greater amounts. The LinkedIn issue was that the data was transmitted without any encryption at all, making it accessible to anyone reading data going to the service.

Right now the recommendation is to change your password for LinkedIn and any other services that use the same email address (if you are using the same password). As a rule you should try to avoid using the same password across multiple services, but many still do for convenience.

We hope that LinkedIn will address this issue and make a formal statement about it very soon. When and if they do, we will be sure to let you know.


Read 4455 times Last modified on Wednesday, 06 June 2012 11:36
