LinkedIn investigates claims passwords stolen
Six million users of social network at risk
Security firm claims 6,458,020 passwords on net
A message on its Twitter account early today confirmed, “Our team is currently looking into reports of stolen passwords. Stay tuned for more.”
About two hours later, around 11am ET, LinkedIn posted a second message, stating that they were still investigating, “but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here.”
The alert was initially raised by Norwegian IT publication Dagens.it which reported that a Russian hacker website posted some 6.5 million encrypted passwords on its forum thought to have come from LinkedIn.
The hackers apparently wanted get help cracking the encrypted passwords.
Although LinkedIn hasn’t yet confirmed a breach, Twitter lit up with posts from users who reported that they’d seen the list of stolen passwords.
Internet security firm Sophos later confirmed that a file containing 6,458,020 encrypted passwords was, in fact, posted on the internet.
“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” Sophos said in a statement. “Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.”
Sophos recommended that all LinkedIn users change their passwords as a precaution.