Allegations that the site’s security had suffered a massive breach were reported earlier in the day. According to some reports, as many has 6.5 million users may have been affected.
Security blogger Graham Cluley described the breach on his blog. According to Cluley, “A file containing “6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them.”
Cluley went on to note that the passwords were not associated with email addresses, but, he said, “it is reasonable to assume that such information may be in the hands of the criminals.”
On its blog, LinkedIn confirmed some aspects of the breach.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” LinkedIn director Vincent Silveira said on the company’s blog.
According to Silveira, the company has taken several steps to protect accounts.
“Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid,” he said.
Those falling into that category will receive an email from the with instructions on how to reset their passwords.
“There will not be any links in this email,” Silveira said. “Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.”
LinkedIn users with affected accounts will also receive an additional explanatory email from the company that will provide “a bit more context on this situation and why they are being asked to change their passwords.”
Users of the site, which is popular with professionals, may be wise to change their passwords even if their’s were not among those identified by LinkedIn as compromised.
“[I]t would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step,” advised security researcher Cluley. “Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack.”
Image Credit: CC BY-NC-ND 2.0/Shekhar_Sahu