Passwords were compromised for over 6.5 million LinkedIn accounts according to reports Wednesday.
LinkedIn is a popular website for professional networking, commonly referred to as a “Facebook for business.” Throughout the day various sources reported the passwords were posted on a forum used by Russian hackers.
Apparently the login credentials were posted in order to get help cracking the passwords, which were masked as unsalted SHA-1 hashes. If these 6.5 million were a hard group to crack, it implies there was another group of accounts whose passwords were easy to crack. Past studies have shown that a moderate segment of users will use more commonly used or weaker passwords than was evident among the 6.5 million posted by the hackers.
LinkedIn tweeted early in the day, “Our team is currently looking into reports of stolen passwords. Stay tuned for more.” Vicente Silveira, Director of LinkedIn, later posted on the company’s blog, “An Update on LinkedIn Member Passwords Compromised.” He acknowledged the likelihood of a larger group than the 6.5 million accounts posted by the hackers. Silveira advised that LinkedIn members will receive an email providing instructions on how to reset their passwords.
There could be collateral damage if people use the same password for other accounts as they use for LinkedIn; then those accounts are at risk too. It’s a good time to reset your passwords.
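Why the unsalted SHA-1 storage mentioned above matters, shown as an added example that is not code from LinkedIn or from the original article: without a salt, every account with the same password stores the same digest, while a per-user salt with a slow key-derivation function removes that link. The account names, passwords, iteration count and the choice of PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (illustrative only, not data from the breach).
ACCOUNTS = {
    "alice": "linkedin2012",
    "bob": "linkedin2012",          # same password as alice
    "carol": "T7#quiet-Harbor-91",
}
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password: str) -> str:
    """Weak scheme: the stored value depends on the password alone."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str) -> tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def shared_digest_groups(table: dict) -> list[list[str]]:
    """Users whose stored value is identical, i.e. visibly share a password."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def build_tables() -> tuple[dict, dict]:
    """Store the same accounts under both schemes for comparison."""
    weak = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1, shared digests:", shared_digest_groups(weak))
    print("salted PBKDF2, shared digests: ", shared_digest_groups(strong))
```

In the unsalted table the two accounts with the same password are visible as one repeated digest, so a single recovered password exposes both; in the salted table no two records match.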