Wednesday, June 6, 2012

LinkedIn Accounts Likely Compromised

Over 6.5 million LinkedIn accounts have reportedly been compromised by a group of Russian hackers. The stolen passwords were then posted on an online forum, and many of the posted encrypted passwords have already been identified by users of LinkedIn.

Ironically, many of these passwords contain the word "linkedin." Other popular versions of the passwords included: "linkedout," "recruiter," "googlerecruiter," "toprecruiter," "superrecruiter," "humanresources" and "hiring."

A spokesperson for LinkedIn says that they are "unable to confirm that any security breach has occurred," and will continue an investigation.

If you are a LinkedIn user, you may want to change the password for your account. As always, keep your passwords safe and secure by only clicking on trusted links, changing your passwords periodically and not using common words like "password" or "123456." For a list of the 25 most common passwords in 2011, click here. For information on setting strong passwords, check out this article from MSN.

***UPDATE***
LinkedIn posted this on its blog:
We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
  3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.
We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already, it is worth checking out my earlier blog post today about updating your password and other account security best practices.
