LinkedIn privacy scare

Millions of users of the social networking website LinkedIn have been told to reset their passwords after security information was stolen.

The site, aimed at professionals with more than 161 million members in more than 200 countries, was compromised and members’ details were posted online.

LinkedIn director Vicente Silveira said in a statement: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.”

He said the company was investigating the security breach and added that those who were affected will notice their LinkedIn passwords will no longer be valid.

It is thought the passwords of more than 6.5 million people were stolen.

“Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid,” Silveira said.

“These members will also receive an email from LinkedIn with instructions on how to reset their passwords.”

Users were told they should never change their passwords by following an link sent on an email.

“These affected members will receive a second email from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords,” Silveira added.

IT security and data protection firm Sophos said the leaked encrypted data does not include associated email addresses but warned that hackers will be working to crack the “unsalted” password hashes and “it is reasonable to assume that such information may be in the hands of the criminals”.

“It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step,” Graham Cluley, senior technology consultant at Sophos, said.

“Of course, make sure that the password you use is unique – in other words, not used on any other websites – and that it is hard to crack.

“If you were using the same passwords on other websites, make sure to change them too. And never again use the same password on multiple websites.”

Silveira said LinkedIn had recently improved its security, which included the “hashing and salting” of current password databases.

PA/mjs

Comments

Comment Manually

Twitter

Last October, T2 moved into a stylish new HQ designed to boost teamwork and reflect its sustainability ethos. Then… https://t.co/dNout4TzDh

19 hours ago

Sportswear brand Lululemon has bought the in-home fitness company Mirror for US$500 million. Here's why. https://t.co/ClUk53W7KY #retail

1 day ago

Bardot has announced a new line of Australian-made denim. It's part of the fashion brand's aim to become more envir… https://t.co/g0v6sHCc4T

1 day ago