Skip to comments.LinkedIn investigating reports of stolen passwords
Posted on 06/06/2012 1:18:46 PM PDT by Olog-hai
Business social network LinkedIn said Wednesday it is investigating reports that more than six million passwords have been stolen and leaked onto the Internet.
Graham Cluley, a consultant with U.K. web security company Sophos, said in a blog post that a file containing more than six million encrypted passwords has been posted on the internet and hackers are working together to crack them.
"Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals," he said.
While LinkedIn did not confirm if any user data had been hacked or leaked, Cluley said that investigations by Sophos researchers have confirmed that the file posted online does contain, in part, LinkedIn passwords. Cluley recommended LinkedIn users change their passwords "as soon as possible."
(Excerpt) Read more at hosted2.ap.org ...
A friend who is a very technical sysadmin type downloaded the file that is apparently “out there” and found the hash for his password.
My take - change your LinkedIn PW asap if your account means anything to you. If you use the same UN/PW combo elsewhere, you may want to change that.
LinkedIn and Facebook are like leprosy. You just can’t get rid of them. I have tried for years.
I must get 5 emails a day “so and so would like to connect with you” or “you have notifications pending”.
Make them stop! [wm shatner on a plane seeing monster on the wing.]
Wonder how long before LinkedIn tells it’s users...?
LinkedIn seemed like a good idea a few years ago. I joined for professional reasons.
But it got invaded by people with a Facebook mentality - I get more requests from people trolling for links than I get from people I know these days. For some, it seems to have become a sort of popularity contest to see how many links you can accumulate, as if this were some sort of badge of honor.
This makes the networking aspect sorta break down - if everyone is linked to everyone, then it may as well be no one linked to no one. Get attached to one person who has this link fetish and you’re bombarded with suggestions for people you couldn’t possibly know or care to connect with. The whole thing is sorta falling apart, IMHO.
set up a spam receiver email address, and point them to that.
LinkedIn has since confirmed this. They have de-activated the hacked passwords and notified those users. Everyone should change them as a precaution though.
The whole idea of hashing passwords is that it is a one-way algorithm, and your actual password is not stored on the server at all. If all the file contained was hashes, it’s not of any use to anyone.
Russian hacker leaks 6.5million LinkedIn account passwords on cybercrime forum http://www.dailymail.co.uk/sciencetech/article-2155368/LinkedIn-passwords-leaked-Russian-hacker-puts-6-5m-account-details-cybercrime-forum.html
‘I wish I was dead’: Leaked LinkedIn passwords show that not EVERYONE is in love with their job http://www.dailymail.co.uk/sciencetech/article-2155752/LinkedIn-passwords-hacked-Most-depressing-I-wish-I-dead-I-hate-job.html