LinkedIn Users: Change Password Now

  /     /     /  
Publicated : 22/11/2024   Category : security


LinkedIn Users: Change Password Now


Attackers appear to have obtained--and may have already decrypted--at least 6.5 million LinkedIn passwords.



All users of the LinkedIn social network should immediately change their password.
Security experts began broadcasting that warning Wednesday after reports emerged that nearly 6.5 million LinkedIn password hashes--
encrypted using SHA1
, but not salted--had been posted to a Russian hacking forum on Monday, together with a request to help decrypt them.
Hackers have already reported breaking 163,267 of the passwords, reported Norwegian news outlet Dagen IT, which Wednesday
broke the news
of the LinkedIn password breach.
LinkedIn confirmed that its investigating the potential password breach. Our team is currently looking into reports of stolen passwords. Stay tuned for more, read a Wednesday
tweet
from LinkedIn News.
[ Read about how hackers accessed a Romney Webmail account. See
Romney Campaign Investigates Hotmail Account Hack
. ]
What should LinkedIn users do? First change your LinkedIn password. Then prepare for scam emails about Linkedin password changes, linking to phishing sites. Will happen, said Mikko Hypponen, chief research officer at F-Secure,
via Twitter
.
Security expert Per Thorsheim
tweeted
that hed reviewed the uploaded password hashes and recovered at least 300,000 of them. The number of [occurrences] of linkedin in those passwords leave little doubt about the origin. Change password NOW! Meanwhile, a post from the Security Ninja websites
Twitter feed
noted that after getting the list of @linkedin hashes and hashing my old pwd with no salt there is a match for the hash in the list. Accordingly, it said that it was best to assume the worst and change your password.
Evidently, LinkedIn didnt
salt its passwords
--a practice recommended by security experts that involves adding a unique string to each password before encrypting it. Had the passwords been salted, it would have made them more difficult for attackers to reverse the
SHA1 password hashes
. In fact, attackers may have already decrypted the passwords, and they may also have users passwords and email addresses. Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals, said Graham Cluley, senior technology consultant at Sophos, in a
blog post
.
The Computer Emergency Response Team of Finland (CERT-FI) Wednesday
warned
that many more than the 6,458,020 uploaded password hashes are likely to have been obtained by attackers. Not all LinkedIn passwords have been published, but it is likely that an attacker is in possession of the rest of the passwords, it said.
According to LinkedIn, as of March 31, 2012, it had
161 million members
.
CERT-FI also advised anyone who had
reused their LinkedIn password
on another site to immediately change it there as well, since it will be
at risk of being hacked
by anyone who downloads and reverses the uploaded LinkedIn password hashes.
More and more organizations are considering development of an in-house threat intelligence program, dedicating staff and other resources to deep inspection and correlation of network and application data and activity. In our
Threat Intelligence: What You Really Need to Know
report, we examine the drivers for implementing an in-house threat intelligence program, the issues around staffing and costs, and the tools necessary to do the job effectively. (Free registration required.)

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
LinkedIn Users: Change Password Now