LeakedIn: Social network for pros suffers attack, 6.5 million passwords leaked to a Russian website.
A leaked database of password hashes belonging to LinkedIn members has been published on a Russian hacking forum, company director Vicente Silveira confirmed in a blog post yesterday.
The passwords appear in the form of a cryptographic “hash”, a sequence of numbers and letters produced from the original text by a mathematical formula, security experts say.
The LinkedIn passwords did not contain a “salt” which usually protects against dictionary and other attacks.
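The two storage schemes contrasted above can be shown side by side. The script below is an added example written for this page, not LinkedIn's code, and it assumes SHA-256 for the unsalted scheme and PBKDF2-HMAC-SHA256 with a 200,000-iteration work factor for the salted one, since the article names no algorithm. The wordlist is constructed from the weak choices the article reports. It shows why an unsalted dump is explained by a single precomputed table, while a per-user random salt makes the same password hash differently for every account, so a stored digest can only be checked, not looked up.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed wordlist built from the weak choices the article reports.
WORDLIST = ["linkedin", "linkedinpassword", "p455w0rd", "redsox",
            "sophos", "mcafee", "symantec", "kaspersky", "microsoft", "f-secure"]

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune so one hash costs ~100 ms on your hardware


def hash_unsalted(password: str) -> str:
    """Unsalted, single-pass hash: the storage pattern the article describes.
    SHA-256 is an assumption; the article does not name the algorithm."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> word once. Without a salt the same table matches every
    user who chose that word, in this dump and in any other unsalted dump."""
    return {hash_unsalted(w): w for w in words}


def recover_unsalted(dump, table):
    """Return the leaked hashes that the precomputed table explains."""
    return {h: table[h] for h in dump if h in table}


def audit(dump):
    """Summary of the kind the article quotes: how many hashes a dictionary explains."""
    found = recover_unsalted(dump, build_lookup_table(WORDLIST))
    return len(found), len(dump)


def hash_salted(password: str, salt: Optional[bytes] = None):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256). A fresh random salt per user means
    equal passwords give different digests, so no shared table can be built."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, digest)


def demo():
    # Constructed "dump": three weak choices plus one passphrase not in the wordlist.
    dump = [hash_unsalted(p) for p in
            ["linkedin", "redsox", "sophos", "correct-horse-battery-staple-7Q"]]
    recovered, total = audit(dump)
    print(f"unsalted: {recovered}/{total} hashes explained by a {len(WORDLIST)}-word table")

    salt_a, dig_a = hash_salted("linkedin")
    salt_b, dig_b = hash_salted("linkedin")
    print("salted: same password, different digests:", dig_a != dig_b)
    print("salted: correct password verifies:", verify_salted("linkedin", salt_a, dig_a))
    print("salted: wrong password rejected:", not verify_salted("linkedln", salt_a, dig_a))


if __name__ == "__main__":
    demo()
```

The salted path is what a password store should look like today: the salt is stored next to the digest in the clear (it is not a secret), the iteration count makes each guess expensive, and `hmac.compare_digest` avoids leaking timing information during verification.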
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” wrote Silveira.
The social network for professionals has around 160 million members globally, all of whom have been advised by security experts to change their password.
SophosLabs, the security experts who examined the password “dump”, say there are 5.8 million unique password hashes in the leak, of which 3.5 million have already been ‘brute forced.’
“That means over 60% of the stolen hashes are now publicly known,” warned Chester Wisniewski of SophosLabs.
Other passwords the security experts found in the dump include ‘linkedin’, ‘linkedinpassword’, ‘p455w0rd’ and ‘redsox’.
“We even found passwords that suggest people should know better like ‘sophos’, ‘mcafee’, ‘symantec’, ‘kaspersky’, ‘microsoft’ and ‘f-secure’,” Wisniewski added.
The social network said it is “continuing to investigate this situation” and says the passwords of members whose accounts have been compromised are no longer valid.
Members affected will also receive an email from LinkedIn with instructions on how to reset their passwords.
There won’t be any links in this email; once a member follows those instructions and requests password assistance, they will receive a second email from LinkedIn containing a password reset link.
“Affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” Silveira confirmed.
“We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously,” he added.