LINKEDIN IS facing the prospect of a major security breach after a hacker reportedly posted almost 6.5 million account passwords on a Russian cyber-crime forum.
Last night the firm posted a blog stating: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation.” Members with accounts associated with the compromised passwords would notice that their LinkedIn account password was no longer valid.
Independent security experts from Sophos, Errata Security and Rapid7 all said the hack was real.
Errata Security’s Robert David Graham posted a blog saying: “I can confirm this hack is real: the password I use for LinkedIn is in that list. I use that password nowhere else. Furthermore, it is long/complex enough that I’m confident nobody else uses the same password. Other security pros are reporting the same result.”
British computer security software maker Sophos and Rapid7 carried out similar tests and found employee and colleague passwords within the file posted on the Russian forum.
LinkedIn has more than 161 million members worldwide.
The passwords posted on the Russian forum are not in plain text but hashed with the SHA-1 algorithm.
The file included only the hashed passwords and not the corresponding email addresses, which means that people who download it and recover the passwords will not easily be able to access the accounts those passwords belong to.
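The self-check that Graham describes (hash your own password and look for it in the dump) works precisely because the list was plain SHA-1: the same password always produces the same hash. The following is an added illustration, not code from the article or from LinkedIn; the leaked-hash set is constructed from made-up passwords, and the salted PBKDF2 function is included only to show why a per-user salt would have defeated such a lookup.

```python
import hashlib
import os

# Constructed sample: a few SHA-1 hex digests standing in for lines of a
# leaked hash dump. These are hashes of invented passwords, not real leak data.
LEAKED_HASHES = {
    hashlib.sha1(b"correct horse battery").hexdigest(),
    hashlib.sha1(b"Tr0ub4dor&3").hexdigest(),
    hashlib.sha1(b"linkedin2012").hexdigest(),
}


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of a password, the form the article says the dump used."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def password_in_dump(password: str, dump: set) -> bool:
    """Check locally whether your own password's SHA-1 appears in a leaked list.

    Nothing leaves the machine: only the hash is compared against the dump,
    which is the same test the quoted security researchers ran on themselves.
    """
    return sha1_hex(password) in dump


def salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Per-user salted, slow hash (PBKDF2-HMAC-SHA256).

    Two users with the same password get different stored values, so a
    leaked list cannot be checked, or precomputed, with one hash per guess.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def same_password_same_storage(password: str) -> tuple:
    """Return (unsalted_equal, salted_equal) for two accounts sharing a password."""
    unsalted_equal = sha1_hex(password) == sha1_hex(password)
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    salted_equal = salted_hash(password, salt_a) == salted_hash(password, salt_b)
    return unsalted_equal, salted_equal


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "a-password-used-nowhere-else"):
        print(candidate, "found" if password_in_dump(candidate, LEAKED_HASHES) else "not found")
    print("unsalted equal, salted equal:", same_password_same_storage("linkedin2012"))
```

The first check is the legitimate use of a dump of this kind: confirming whether a password you own is compromised so you can rotate it, as Cluley advises. The salted comparison shows the mitigation side: with a random per-user salt and a slow hash, an identical password yields different stored values, so a single hash lookup tells an attacker nothing.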
Analysts said it was likely that the hackers who stole the passwords also had the corresponding email addresses and would be able to access the accounts.
Sophos senior technology consultant Graham Cluley advised users to change their LinkedIn password and, if that password was also used on other sites, to change it there too. While Mr Cluley and other bloggers debated the possible consequences of the incident, many pointed out that, with LinkedIn unable to officially confirm that the attack took place, the incident may point to a security weakness that remains unresolved.
Renaissance security firm’s Michael Conway said: “For those who don’t change their password it could pose a significant danger. If someone hacks your password, and there will be people out there doing that, there’s plenty to be found in a lot of accounts in terms of personal information and the people they deal with as well.”
LinkedIn has tweeted a link to an advice page on updating passwords and security best practices. – (Additional reporting: Reuters)