Share

Related Stories

  • LinkedIn, Locked In or Left Out?
    Maintaining a LinkedIn profile is a ‘necessary evil’ in the opinion of security consultant Kevin Eagles. Here he examines some of the privacy and security pitfalls of having a presence on the social networking site
  • Phony LinkedIn invitations lead to malware
    Scammers are sending out bogus invitations and message notifications to LinkedIn users that contain links to compromised websites, warned internet security firm Commtouch.
  • Research shows Facebook now more popular than LinkedIn and Twitter
    The scale of social networking dominance of Facebook – with all the security implications that it poses businesses – is shown in the latest research from AVG, which claims to show that 34% of small and medium-sized businesses (SMBs) in the UK and US are using social networking in their business.
  • LinkedIn bows to pressure over “social ads” privacy concerns
    LinkedIn has responded to criticism of its "social ads" feature over its use of members' names and photos in advertisements on its website.
  • Sophos warns LinkedIn users to review their online data following privacy rule change
    Sophos has warned LinkedIn users of the need to be aware of a change to the business social networking site's privacy policy, apparently allowing the site to use member's names and photos in promotional advertisements. The change, says the IT security vendor, allows LinkedIn to use the information and pictures by default, meaning that users have to opt out of seeing their names and photos in the site's advertisements.

Top 5 Stories

News

LinkedIn confirms probe of possible breach that may have exposed 6.5 million user passwords

06 June 2012

The professional networking site LinkedIn confirmed Wednesday that is it investigating a possible breach of its site after reports circulated that a staggering 6.5 million LinkedIn hashed passwords were stolen and posted on a Russian hacker site.

“Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here”, LinkedIn said in a Twitter message.

IT security and data protection firm Sophos said that its researchers have observed a file containing close to 6.5 million unsalted password hashes posted on the internet, and hackers are currently working to crack them. Sophos researchers have confirmed that the file contains LinkedIn passwords, but not associated email addressses.

“It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step”, said Graham Cluley, senior technology consultant at Sophos. “Of course, make sure that the password you use is unique – in other words, not used on any other websites – and that it is hard to crack. If you were using the same passwords on other websites, make sure to change them too. And never again use the same password on multiple websites.”

Commented Orlando Scott-Cowley, a security expert at cloud email firm Mimecast: “While a data leak of this kind would be very worrying for individuals, a security issue with LinkedIn could also be very potentially damaging for businesses. With many users seeing the site as an extension of their business communications, rather than as a personal tool, employers need to be aware about the possible threat to corporate data that a LinkedIn breach could represent.”

Security researcher Mikko Hypponen advised LinkedIn users: “First change your LinkedIn password. Then prepare for scam emails about LinkedIn password changes, linking to phishing sites.”
 

This article is featured in:
Application Security  •  Data Loss  •  Encryption  •  Identity and Access Management  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×