LinkedIn Suffers Data Breach
6.5 Million Members Affected
Social networking site LinkedIn is investigating a data breach that reportedly compromised the passwords of 6.5 million of its members. Concerns about a breach first surfaced early yesterday after a user on a Russian forum claimed to have hacked and uploaded the passwords, prompting a global frenzy about what personal information may or may not have been released. In a blog entry posted in response to inquiries, LinkedIn apologized for the problems and said it is taking steps to try to minimize any damage the breach may have caused.
"Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid," the blog read. "These members will also receive an e-mail from LinkedIn with instructions on how to reset their passwords. These affected members will receive a second e-mail from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords."
Security experts who've been monitoring the breach say the alleged hacker uploaded passwords, but not usernames. It is quite possible, though, that hackers also have possession of the e-mail addresses of LinkedIn users, which, coupled with passwords, would allow for data-driven crimes. The posted passwords are in the form of so-called unsalted SHA-1 hashes, which must still be cracked before the underlying passwords are exposed. So far, more than 300,000 passwords have been cracked, and experts believe that number will continue to rise as hackers are using crowdsourcing-like methods to crack the hashes more efficiently.
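Why "unsalted" matters for anyone storing passwords, shown as an added example that is not code from LinkedIn or from the original article: with a bare SHA-1 hash, every account that shares a password shares a digest, while a per-user salt and a slow key-derivation function remove that link. The account names, passwords and iteration count below are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from the breach data).
SAMPLE_USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "correct horse"}
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware budget


def unsalted_sha1(password: str) -> str:
    """The weak scheme the article describes: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_pbkdf2(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened storage: a random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_pbkdf2(password, salt)
    return hmac.compare_digest(candidate, stored)


def shared_digest_groups(records: dict) -> int:
    """Count stored digests that appear for more than one account."""
    return sum(1 for n in Counter(records.values()).values() if n > 1)


def demo() -> tuple[int, int]:
    """Return (shared digests without salt, shared digests with salt)."""
    weak = {user: unsalted_sha1(pw) for user, pw in SAMPLE_USERS.items()}
    strong = {user: salted_pbkdf2(pw)[1] for user, pw in SAMPLE_USERS.items()}
    return shared_digest_groups(weak), shared_digest_groups(strong)


if __name__ == "__main__":
    print(demo())
```

In the unsalted table the two accounts with the same password are indistinguishable, so recovering one digest exposes both; in the salted table every stored value is unique and each must be worked on separately at the KDF's cost.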
Mountain View, CA-based LinkedIn launched its popular social networking site in 2003 and reports more than 160 million registered users worldwide. The company has promised updates on its investigation and has continued to use social media channels to advise its members on the situation.