- U.N. Human Rights head accuses Israel of war crimes
- CBP Commissioner: Border is ‘more secure and more safe’
- Obama dispatches researchers to border to check on National Guard
- Dutch receiving Malaysia plane bodies irked at Putin’s daughter in Holland
- Algerian airplane goes missing over Mali: ‘Emergency plan’ launched
- Colorado judge strikes voter-backed gay marriage ban, but issues stay
- Brooklyn Bridge flag-swapping suspects identified by nickname
- Christian woman in Sudan spared for apostasy flies to Italy
- Iraq: 60 dead in attack on prisoner convoy
- Marco Rubio: U.S. at social, moral crossroads
Some LinkedIn passwords stolen, leaked online
Question of the Day
LONDON (AP) - Business social network LinkedIn said Wednesday that some of its users' passwords have been stolen and leaked onto the Internet.
LinkedIn Corp. did not say how many of the more than six million passwords that were distributed online corresponded to LinkedIn accounts. In a blog post Wednesday, the company said it was continuing to investigate.
Graham Cluley, a consultant with U.K. Web security company Sophos, recommended that LinkedIn users change their passwords immediately.
LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.
There's added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.
Before confirming the breach, LinkedIn issued security tips as a precautionary measure. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.
LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.
Cluley said hackers are working together to break the encryption on the passwords.
"All that's been released so far is a list of passwords and we don't know if the people who released that list also have the related email addresses," he said. "But we have to assume they do. And with that combination, they can begin to commit crimes."
It wasn't known who was behind such an attack.
LinkedIn's blog post had few details about what happened. It said compromised passwords have been deactivated, and members with affected accounts will be sent emails with further instructions.
While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.
"If a website has been breached, it doesn't matter what encryption they're using because the attacker at that point controls a lot of the authentication," said Carey, who works at security-risk assessment firm Rapid7. "It's `game over' once the site is compromised."
Cluley warned that LinkedIn users should be careful about malicious email generated around the incident. The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of getting to the real LinkedIn site to change a password, it would go to a scammer, who can then collect the information and use it for criminal activities.
LinkedIn said its emails will not include any links.
Shares of LinkedIn, which is based in Mountain View, California, gained 8 cents to close Wednesday at $93.08.
Follow Cassandra Vinograd on Twitter at http://twitter.com/CassVinograd
TWT Video Picks
The subsidies are a hit with patients who don't exist
- 'We're coming for you, Barack Obama': Top U.S. official discloses threat from ISIL terrorists
- Algerian airplane goes missing over Mali: 'Emergency plan' launched
- Despite rhetoric, gun prosecutions plummet under Obama
- House task force to recommend National Guard on border, faster deportations
- Obama orders Pentagon advisers to Ukraine
- Obama says public not familiar enough with issues
- CROWLEY: The good-time president
- Hamas rejects Kerry's call for cease-fire; Hezbollah in Syria could join fight against Israel
- NAPOLITANO: What if our democracy is a fraud?
- EDITORIAL: Poor Hillary, rock-star wannabe
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq