LinkedIn investigating reports of stolen passwords

Question of the Day

Is it still considered bad form to talk politics during a social gathering?

View results

LONDON (AP) - Business social network LinkedIn is confirming reports that some of its users’ passwords have been stolen and leaked onto the Internet.

The company said in a blog post Wednesday that some of the more than six million passwords that were compromised correspond to LinkedIn accounts. It did not say how many.

LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought.

THIS IS A BREAKING NEWS UPDATE. Check back soon for further information. AP’s earlier story is below.

Business social network LinkedIn said it is investigating reports that more than six million passwords have been stolen and leaked onto the Internet.

Although LinkedIn did not confirm if any user data had been hacked or leaked, researchers at U.K. Web security company Sophos say they have confirmed that a file posted online does contain, in part, LinkedIn passwords “hashes.” That’s a way of encrypting or storing passwords in a different form.

Graham Cluley, a consultant with Sophos, recommended that LinkedIn users change their passwords immediately.

LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.

There’s added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.

As a precautionary measure, LinkedIn issued security tips in a blog post Wednesday. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.

LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.

Cluley said hackers are working together to break the encryption on the passwords.

“All that’s been released so far is a list of passwords and we don’t know if the people who released that list also have the related email addresses,” he said. “But we have to assume they do. And with that combination, they can begin to commit crimes.”

It wasn’t known who was behind such an attack.

LinkedIn Corp. referred repeated requests for comment to the company’s Twitter feed, where it said its team was “looking into reports of stolen passwords.”

Story Continues →

View Entire Story

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Comments
blog comments powered by Disqus
TWT Video Picks