LinkedIn Probes Possible Password Theft

Social Network Says It Can't Confirm Reports of a Breach
LinkedIn Probes Possible Password Theft

LinkedIn says it's investigating reports that the social network was breached and that hackers uploaded nearly 6.5 million passwords.

See Also: Webinar | Prisma Access Browser: Boosting Security for Browser-Based Work

On Twitter, LinkedIn said in a late morning EDT post on June 6: "Our team continues to investigate, but at this time, we're still unable to confirm that any security breach occurred. Stay tuned here."

Norwegian IT security blogger Per Thorsheim, on his Twitter account, says that many people confirmed their unique passwords have been leaked or stolen.

Initial reports came from the website The Verge, which disclosed a claim in a Russian online forum that a user uploaded hashed passwords but no user names.

According to The Verge, the passwords are stored as unsalted SHA-1 hashes, a secure algorithm, though one that's not foolproof. "LinkedIn could have made the passwords more secure by 'salting' the hashes, which involves merging the hashed password with another combination and then hashing for a second time," The Verge reports. "Even so, unless your password is a dictionary word, or very simple, it will take some time to crack."


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.