With lawmakers in Washington, D.C. expressing concern, LinkedIn confirmed Wednesday afternoon via its blog that user passwords had been compromised. The business networking site, however, did not address whether the number of passwords stolen equaled the more than 6.5 million reported earlier in the day. Regardless, both LinkedIn and security experts advise that LinkedIn users change their passwords as soon as possible.
LinkedIn director Vicente Silveira wrote:
We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
Earlier in the day, security firm Sophos reported that the files posted on a Russian hacker site do contain LinkedIn passwords. "A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them," wrote Graham Cluley, Sophos senior technology consultant. "Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals."
All LinkedIn members should take precautionary measures and change their passwords immediately, Cluley advised, and provided the following instructions:
- Log into LinkedIn.
- You should see your name in the top right hand corner of the webpage. Click on it, and you will open a drop-down menu. Choose "Settings".
- Choose the option to change your password.
- After entering your old password, you will have to enter your new (hopefully unique and hard-to-crack) password twice.
If you access LinkedIn via your Facebook account, take the extra precaution of changing your Facebook password as well. Further, if your LinkedIn password is the same one you use for any other accounts, change those as well -- hackers will often try out a password on several accounts, since so many people are in the (bad) habit of using just one.