LinkedIn accounts hacked- Passwords leaked by Russian website
By: iMedia News Bureau

The professional social networking site LinkedIn is investigating claims that more than 6 million passwords were stolen and uploaded to a Russian-language web forum today.

The user uploaded 6,458,020 hashed passwords, but no usernames. It's not clear if they managed to download the usernames but it's likely that both have been downloaded. There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. Many of the hashes include "LinkedIn," which seems to add credence to the claims.


"Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred," the company said on its Twitter feed.

It's worth noting that the passwords are stored as unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but is not foolproof. LinkedIn could have made the passwords more secure by 'salting' the hashes, which involves merging the hashed password with another combination and then hashing for a second time.

Two security firms, Sophos and Rapid7, told CIO Journal they were able to confirm the breach by searching for the known passwords of colleagues within the massive file they say has been spreading through other hacker forums.

Graham Cluley, a consultant with UK Web security company Sophos, recommended that LinkedIn users change their passwords immediately. Before confirming the breach, LinkedIn issued security tips as a precautionary measure. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites. LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.

Considering that LinkedIn reported back in February that 150 million people use the professional networking service (a number that has certainly grown since then), the breach represents a relatively small number of users. Though chances are slim that you yourself are personally affected (6.5 million people make up less than 5% of LinkedIn’s userbase), those odds seem unlikely to assuage the concerns of people who are.

A new site, Leakedin.org, has just sprouted up to help you determine whether your password was among the more than 6.5 million leaked LinkedIn passwords. The service, created by Fictive Kin, states, “Some of us were victims and we want to help you find out if you are a victim too. Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below and we’ll check.”
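
The lookup described above, and the way Sophos and Rapid7 searched the file for known passwords, works because unsalted SHA-1 maps every password to one fixed digest. The sketch below is an added example, not code from the article, LinkedIn or Leakedin.org; the account names and passwords are constructed, and the salted variant (a random per-user salt fed into PBKDF2-HMAC-SHA256) is an assumption of this example, not the scheme the article describes.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # PBKDF2 iteration count chosen for this example

def sha1_hex(password):
    """Unsalted SHA-1, the storage format the article reports."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def in_leak(password, leaked_hashes):
    """Leak check: hash the candidate once and look the digest up."""
    return sha1_hex(password) in leaked_hashes

def salted_record(password, salt):
    """Assumed hardened form: (salt, PBKDF2 digest) stored per user."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return salt, digest

def verify(password, record):
    """Login check against a salted record, compared in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return hmac.compare_digest(candidate, expected)

# Constructed sample data: three accounts, two of them sharing a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

def build_unsalted_dump(accounts):
    """A dump of hashes without usernames, like the posted file."""
    return {sha1_hex(pw) for pw in accounts.values()}

def build_salted_store(accounts):
    """The same accounts stored with a fresh 16-byte salt each."""
    return {user: salted_record(pw, os.urandom(16)) for user, pw in accounts.items()}

if __name__ == "__main__":
    dump = build_unsalted_dump(ACCOUNTS)
    # Identical passwords collapse to one digest, so one lookup exposes both.
    print("distinct unsalted hashes:", len(dump))
    print("known password found in dump:", in_leak("linkedin2012", dump))

    store = build_salted_store(ACCOUNTS)
    # With per-user salts the two identical passwords no longer match each
    # other, and a precomputed SHA-1 digest matches nothing in the store.
    print("alice == bob digest:", store["alice"][1] == store["bob"][1])
    print("login still works:", verify("linkedin2012", store["alice"]))
```
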