23 July 2017

Hacker posts 6.4 million LinkedIn passwords on the Web

06 June 2012  |  16161 views  |  1 comment

More than 6.4 million LinkedIn passwords have been posted on to the Web by Russian hackers who claim to have busted the professional business network's security walls.

The passwords leaked to the Internet are hashed, but hackers are pulling together to crack them. Up to 300,000 of the stolen passwords have already been cracked.

LinkedIn has yet to confirm the claims, made by an anonymous Russian hacker, but tweeted that its tech team is "currently looking into reports of stolen passwords".

The site is used by 150 million professional business users worldwide. If the hackers have the e-mail addresses associated with the stolen passwords, it could prove a valuable trove of high net worth data.

Security professionals across the Web are recommending that LinkedIn users change their passwords as soon as possible as a precautionary measure.

The hack has also brought to light once again the importance of properly storing customer details. The passwords in the database were hashed with the outdated SHA-1 algorithm and were not 'salted' (where a random string of numbers is added to each password before it is hashed, to increase the safety of the stored information).

Forensic experts at Manchester-based hosting company UKFast cracked 2000 of the passwords in just 10 minutes using only a standard computer's processing unit. With added power from a graphics card (GPU), this would be much faster.
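
An added example, not code from the article or from LinkedIn, contrasting the unsalted SHA-1 storage described above with a salted, deliberately slow hash. The account names, passwords and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the leak); two users share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "S3parate!pw"}
PBKDF2_ITERATIONS = 600_000  # assumption: tune the work factor to your hardware

def store_unsalted_sha1(password):
    """The weak scheme the article describes: one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_salted(password, iterations=PBKDF2_ITERATIONS):
    """Hardened form: a fresh random salt per user plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_salted(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    _, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_hash_groups(table):
    """Users whose stored values are identical: one cracked hash exposes the whole group."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

def audit(iterations=PBKDF2_ITERATIONS):
    """Store the same accounts both ways and report which scheme leaks password reuse."""
    weak = {u: store_unsalted_sha1(p) for u, p in ACCOUNTS.items()}
    strong = {u: store_salted(p, iterations) for u, p in ACCOUNTS.items()}
    return shared_hash_groups(weak), shared_hash_groups(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = audit()
    print("unsalted SHA-1, users sharing a hash:", weak_groups)
    print("salted PBKDF2, users sharing a hash:", strong_groups)
```

Without a salt, the same password always produces the same stored value on every site, so work done once against a common password applies to every account that uses it; the per-user salt and iteration count remove that shortcut and make each guess expensive.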

Update: LinkedIn has confirmed the breach and updated its security protocols. Writing in the LinkedIn blog, Vicente Silveira states:

We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.

These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members.

Comments: (1)

Pat Carroll - ValidSoft - London | 07 June, 2012, 17:54

We store a lot of information about ourselves on social media sites like LinkedIn and Facebook. This incident is essentially a data breach – and there will be more breaches like this to come. Although we may not prevent criminals from stealing the data, we can stop them from using it to access our bank accounts through guessing the answers to security questions, for example. Instead of using passwords which are hard to remember and therefore, the same one is often used for several social media accounts, we should move towards voice biometrics for authentication. A voice print is not only difficult for an imposter to replicate and can therefore play an important role in a multi-layered approach to authentication, but a voice print can also be screened in real-time against a known database of fraudsters’ voice prints.
