Two hours later, the company posted a second tweet saying that it was still unable to confirm if a security breach had occurred.
While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.
“If a website has been breached, it doesn’t matter what encryption they’re using because the attacker at that point controls a lot of the authentication,” said Carey, who works at security-risk assessment firm Rapid7. “It’s `game over’ once the site is compromised.”
He said that if the breach is confirmed, he expects LinkedIn to require users to change their passwords with the threat of locking them out of the site if they don’t. Full containment of a breach would only be possible if every single password is changed or users are disabled, he said.
Cluley also warned that LinkedIn users should be careful about malicious email generated around the incident. The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of getting to the real LinkedIn site to change a password, it would go to a scammer, who can then collect the information and use it for criminal activities.
Shares of LinkedIn, which is based in Mountain View, California, fell 49 cents, or 0.5 percent, to $92.51 in U.S. afternoon trading Wednesday.
By Elaine Donnelly
Extending sexual misconduct to combat units
Independent voices from the TWT Communities
Politics, economics, and business from a real world perspective.
Consummate traveler Todd DeFeo explores the unique stories that make destinations worth going to.
It's a big world to play in, and learn from. Join us as we travel the boundaries and beyond.
The Red Thread is written for that special tribe: adoptive families and those who hope to be.
Benghazi: The anatomy of a scandal
Vietnam Memorial adds four names
Cinco de Mayo on the Mall
NRA kicks off annual convention