SOCIAL NETWORK FOR BUSINESS Linkedin is investigating reports that it has been hacked and its users' hashed passwords have been stolen.
Reports say that just under 6.5 million SHA-1 unsalted password hashes have been leaked online, but this has not been confirmed by the company. Instead it has just said that its engineers are looking into the situation.
Our team is currently looking into reports of stolen passwords. Stay tuned for more.— LinkedIn News (@LinkedInNews) June 6, 2012
In the meantime users are recommended to change their passwords, if they can remember what they are, and consider making them very strong indeed.
The passwords have been posted to a Russian hacking web site, and presumably dark forces are working hard to uncrack them. They might turn to phishing attacks, meaning that users should also be on the lookout for emails that purport to come from the firm and ask them to enter their password information on a web page.
"It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step," said Graham Cluley, senior technology consultant at security firm Sophos.
"Of course, make sure that the password you use is unique - in other words, not used on any other websites - and that it is hard to crack. If you were using the same passwords on other websites - make sure to change them too. And never again use the same password on multiple websites."
News of the leak follows an earlier security incident at Linkedin that saw its IOS mobile application taking liberties with encrypted personal information.
In a blog Linkedin disputed some researchers' takes on the applications data backup feature, which said that it put personal data at risk, explaining that it takes personal security very seriously. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted