LinkedIn hit by 6.5m password leak

Powered by SC Magazine
 

Users warned of phishing attempts.

Social networking site LinkedIn has confirmed claims of a breach to user accounts on the social network after a file containing almost 6.5 million passwords for the site was leaked to a Russian internet forum.

After initially investigating reports of the breach at about 11pm AEST, LinkedIn director Vincente Silveira confirmed that "some of the passwords that were compromised correspond to LinkedIn accounts".

Some users reported finding their passwords as hashes on the leaked list, a 118 MB ZIP file posted online sometime overnight.

BBC News reported that the alleged hackers were seeking help to decrypt the password file.

Silveira said affected users would be prompted to change their passwords when they next logged into the social network and would receive further information on the issue in the near future.

"It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place," Silveira said.

The enhanced security, he said, included hashing and salting of password databases, a measure security researchers said had not been applied to the passwords leaked overnight.

Both Silveira and F-Secure's Mikko Hypponen warned users to "prepare for scam emails about Linkedin password changes, linking to phishing sites".

iOS security

The breach comes less than a day after researchers discovered poor security practices in LinkedIn’s iOS app, which appeared to send detailed calendar entries entered by users – including times, addresses and personal meeting notes – to its servers without encryption.

Adi Sharabani and Yair Amit said transmission of the calendar entries took place without prompting or warning users.

LinkedIn denied the notion of information being transmitted without user approval.

"In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles," mobile product head Joff Redfern said.

"That information is sent securely over SSL and we never share or store your calendar information."

The social network committed to stop sending data from user-added meeting notes in the iOS app to LinkedIn servers, Redfern said.

LinkedIn reports some 150 million users currently.

Copyright © iTnews.com.au . All rights reserved.

