LinkedIn Passwords in Jeopardy
June 6, 2012

LinkedIn Passwords In Jeopardy

Michael Harper for

Those dastardly cyber-criminals are at it again, and this time they´ve broken into popular professional and social networking service LinkedIn.

According to DagensIT, a Russian hacker website is now home to 6.5 million LinkedIn passwords. DagensIT reports that the hackers responsible posted a rather large file on a Russian hacker forum board and let others set in to crack the files. Once cracked, the file was determined to contain the LinkedIn passwords. Currently, DagensIT says roughly 300,000 passwords have been cracked and decoded, but the number continues to grow as more hackers have a go at cracking the codes.

LinkedIn has yet to officially announce the news, though a recent Tweet from the company reads “Our team is currently looking into reports of stolen passwords. Stay tuned for more."

Elsewhere on Twitter, several users are reporting seeing their password hashes float around as hackers are dumping what information they have. These passwords are of the SHA-1 unsalted variety, which are said to be less secure than salted passwords. Though less secure, Tech Crunch says it could take some time for these hackers to figure out these passwords. That is, unless, the password contains an easy phrase or dictionary word.

So far, the data released by the Russian hackers doesn´t seem to include further personal details, such as email addresses. Still, security professionals everywhere are suggesting LinkedIn users change their passwords immediately in the name of safety.

Writing on the Naked Security blog, Graham Clueley of Sophos says that while email addresses may not be at risk, it is reasonable to assume this information could wind up in the hands of cyber-criminals. Clueley, who confirms these files contain LinkedIn passwords, also suggests changing any LinkedIn password immediately, making sure not to use the same password for some other site or service with sensitive information.

Here´s how to change a LinkedIn password:

1. Log into LinkedIn

2. Look for your name in the top right-hand corner of the screen. Click on it to call up a drop-down menu. From there, click on “Settings.”

3. Choose the option to change your password.

4. Once you´ve entered your old password, you´ll be asked to enter your new password twice.

Proper password maintenance is becoming increasingly important as more and more leaks such as these are happening every year. Sophos suggests never using the same password twice and never using dictionary words as passwords, combining both numbers and letters to create a secure password. They have posted a video tutorial here.

This report of leaked passwords comes just one day after a report of LinkedIn´s iOS app transmitting user data, such as calendars and passwords, back to company servers without the users´ knowledge. LinkedIn acknowledged this behavior, saying it collects calendar information to sync appointments with other LinkedIn users. This feature is opt-in, so users of the iOS app can turn off “Add Calendar” in the settings screen.

Again, all LinkedIn users should change their passwords immediately, and stay tuned for further updates to this story.