Softpedia

June 7th, 2012, 06:48 GMT · By

Confirmed: Leaked Passwords Correspond to LinkedIn Accounts


LinkedIn's Vicente Silveira confirms that the passwords are associated with user accounts

LinkedIn representatives have confirmed that at least some of the 6.5 million passwords that have been leaked on a Russian forum correspond to their users’ accounts. However, the company hasn’t been able to find any signs of a breach.

LinkedIn has taken immediate steps to remove the risks caused by the incident. First of all, the passwords of affected members have been made invalid.

As a result, impacted users will receive notifications containing instructions on how to reset their passwords. Note that these emails will not contain any links.

Once the steps are completed, a second message will be received containing the password reset link.

It’s important that LinkedIn customers take note of this to avoid potential phishing campaigns that might leverage the incident.

Users whose passwords show up in the data dump will receive an additional email explaining why they’re being asked to make the changes.

“It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” Vicente Silveira, a director at LinkedIn, wrote.

However, that’s not the end of it. Security firm Imperva claims that the actual number of passwords obtained by the cybercriminals may be much higher than 6.5 million.

Experts believe that the individual who posted the hashes left out the “easy” ones that he could crack himself and made available only the more complex ones, for which he needed help.

Another clue that the number of passwords might exceed 6.5 million is that most of them are listed only once.

“In other words, the list doesn’t reveal how many times a password was used by the consumers. This means that a single entry in this list can be used by more than one person,” Imperva’s Rob Rachwald explains.
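
The effect Rachwald describes, together with the salting Silveira mentions, shown as an added example (not code from the article or from LinkedIn). The accounts are constructed, and SHA-256, PBKDF2 and the iteration count are assumptions, since the article does not name the algorithms involved.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from the leak); some users share a password.
ACCOUNTS = [
    ("alice", "linkedin2012"),
    ("bob", "linkedin2012"),
    ("carol", "linkedin2012"),
    ("dave", "Tr0ub4dor&3"),
    ("erin", "Tr0ub4dor&3"),
    ("frank", "correct horse battery staple"),
]
ITERATIONS = 100_000  # assumed work factor for the illustration


def unsalted_digest(password):
    # Assumption: SHA-256 stands in for the unnamed unsalted hash.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password):
    # A fresh random salt per account makes equal passwords hash differently.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify(password, salt, dk):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, dk)


def dump_stats(accounts):
    # Compare what a de-duplicated dump reveals under each storage scheme.
    unsalted = Counter(unsalted_digest(pw) for _, pw in accounts)
    salted = {salted_record(pw) for _, pw in accounts}
    return {
        "accounts": len(accounts),
        "unique_unsalted": len(unsalted),
        "max_accounts_per_entry": max(unsalted.values()),
        "unique_salted": len(salted),
    }


if __name__ == "__main__":
    print(dump_stats(ACCOUNTS))
```

With unsalted hashes, six accounts collapse to three unique entries, so a de-duplicated list understates how many accounts are exposed; with per-account salts every record is distinct.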

Once again, we urge all LinkedIn customers to change the passwords that they've used to guard their social media account.