LinkedIn Passwords Leaked Online

Social Media

Share this Post

[UPDATE 2] LinkedIn has confirmed the security breach and invalidated the affected passwords. Users can reset their password to regain access to their accounts. Read the full story.

[UPDATE] LinkedIn has tweeted an update on the situation from their end. They state that they have not been able to confirm a security breach. This could mean that LinkedIn simply hasn't found any evidence yet, or it could mean that the hackers on the forum were mistaken that the hashes were LinkedIn passwords. More updates will follow.

Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here.
9 minutes ago via web · powered by @socialditto
 Reply  · Retweet  · Favorite

[ORIGINAL ARTICLE] A hacker has leaked a massive 118 Mb hash file that contains the passwords of more than 6.4 million LinkedIn users. The file was posted to a Russian forum and fellow hackers have begun to decrypt the hash.

The file was first leaked yesterday afternoon, and the first report of passwords being cracked came two hours later. The latest update on the forum, which is currently offline, brings the total number passwords that have been compromised to over 200,000. Weaker passwords are likely the ones that have already been compromised.

LinkedIn has acknowledged the password theft in a tweet from its official Twitter account:

Our team is currently looking into reports of stolen passwords. Stay tuned for more.
49 minutes ago via TweetDeck · powered by @socialditto
 Reply  · Retweet  · Favorite

Though 6 million is only a fraction of LinkedIn's more than 150 million members, it is still disconcerting that the leak has occurred. To LinkedIn's credit, though, the passwords were hashed, meaning the company was taking reasonable precautions with regards to password security. Server security, on the other hand, is another matter. There is still the question of how the hash file was obtained in the first place.

We will continue to provide more information on the situation as it develops. There is no way to tell whether your password has been compromised short of searching through the passwords already leaked, but it certainly wouldn't hurt users to change their password for LinkedIn, and for any other services using the same password.