LinkedIn has finally confirmed that about 6.5 million member passwords were stolen and leaked. The company is not sure whether the associated email addresses were also stolen.
LinkedIn is now working with the FBI to investigate the theft of member passwords. In a blog post, the company assured its members that it is working hard to protect all personal data. The social networking company has nothing new to say about the breach, and the post raises more questions than it answers.
The company didn’t reveal anything about how the passwords were obtained. LinkedIn director Vicente Silveira said only that about 6.5 million LinkedIn account passwords were posted on a Russian hacker website. The company didn’t confirm the number of hacked accounts in the post. He believes the passwords, which are hashed, are quite hard to decode. "But unfortunately a small subset of the hashed passwords was decoded and published," Silveira added.
The accounts associated with these passwords might be safe. LinkedIn has not found any evidence of “LinkedIn account details” posted with passwords online. Silveira said, "Nor have we received any verified reports of unauthorized access to any member's account as a result of this event."
The company has locked down all the accounts associated with the revealed passwords. "We've invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords," Silveira said. "Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected," he added.
Security experts believe that using the SHA-1 hashing algorithm on its own is not enough to protect member passwords. It does provide a level of security, but not a sufficient one.
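To illustrate the experts' point, the following added Python example (not LinkedIn's code and not part of the original report) contrasts a single SHA-1 pass with a salted, iterated hash. The choice of PBKDF2-HMAC-SHA256, the iteration count, the storage format, the function names and the sample accounts are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for the example; tune per deployment


def sha1_only(password: str) -> str:
    """Weak scheme: one fast SHA-1 pass with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Hardened scheme: random per-user salt plus iterated PBKDF2-HMAC-SHA256."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):  # malformed record: bad fields, hex or cost
        return False


def accounts_sharing_a_hash(table: dict) -> list:
    """Return groups of users whose stored values are identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    # Constructed sample accounts; two users picked the same password.
    users = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "s3parate!"}
    weak = {u: sha1_only(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    print("SHA-1 only, shared hashes:", accounts_sharing_a_hash(weak))
    print("Salted PBKDF2, shared hashes:", accounts_sharing_a_hash(strong))
    print("bob verifies:", verify_password("linkedin2012", strong["bob"]))
```

With SHA-1 alone, every account that uses the same password stores the same value, so one decoded hash exposes all of them; with a per-user salt and a deliberately slow derivation, each record has to be worked on separately.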
Security breaches like this often lead to account takeovers and scams. London-based Last.fm also faced a security leak recently and asked its users to change their passwords.