LinkedIn the most popular business network site has been the prime target of Russian hackers, who managed to get away with 6.5 million encrypted passwords. These passwords were made available on the internet for hackers work on helping decrypt them. Reported by Dagens IT and Per Thorsheim, it can possibly be true that only some part of the information has been made available by the hackers.
This could officially wreak havoc for the 150+ million registered users on the network and tarnish the reputation of the network. Earlier this week it was reported that both the android and the iOS applications of LinkedIn transmitted unencrypted calender data which itself was a big security loophole awaiting exploitation. Although LinkedIn was quick to respond to the issue and updated both version of the applications, this breach sent a new series of shocks to the users.
Following LinkedIn’s tweet officially confirming the breach the network saw a surge of users yesterday, visiting the network to change their passwords. It is reported that the unsalted hashes use SHA-1 Encryption which is believed to be secure but if the password is a simple it might be possible to decrypt it, therefore users are advised to proceed with caution and choose passwords that include a mix of alpha numeric characters.
LinkedIn has recently updated their blog with news concerning the compromised accounts. [ June 6, 2012]. Here is some of the information that the post contains.
If your account was compromised you will not be able to login using your old password.
Such users would be sent instructions how to reset their passwords via their email addresses. This email would not include any links initially but once the user follows the steps listed, he/she would receive another email with the password reset link.
Lastly they would also receive an email informing them the reason for the sudden password change.
We would strongly advise linkedIn users who were using the same credentials for multiple sites to immediately change their passwords to avoid having other data compromised.