Tim Frederick Tech

LinkedIn 6.5 Million Passwords Leaked, Probe Underway

Insidepro.com, a Web site devoted to password cracking has seen its forums inundated with 6.5 million passwords belonging to LinkedIn users in a series of forum posts over the past few days.

LinkedIn and its users were not the only ones stung by the exploits of the mysterious hacker. As many as 1.5 million passwords for the dating website eHarmony were also uploaded to the forum.

LinkedIn at first denied any knowledge of a security breach, but has since confirmed that some user's information may have been compromised. Several LinkedIn users have also confirmed that they found their passwords among the posted list, lending legitimacy to it.

While the news is dire and prompts serious questions about LinkedIn's security, the good news for users who may have been affected is that they should have time to change their passwords and avoid unwanted access to their accounts.

The data is still partially SHA1 encrypted; the passwords are visible, but without cracking the encryption, there's no account information to go with them.

With more than 150 million users, the leaked list represents less than 5% of the user base. The question of whether the posted list covers all of the stolen data, or only the data that the posting user 'dwdm' needed help cracking still remains. Therefore, it's advised that all users immediately change their passwords, regardless of whether they find their password in the posted list or not.

This breach comes hot on the heels of another security snafu that has put LinkedIn in hot water with users and privacy advocates. It was discovered that their iOS calendar app was collecting data related to events in your calendar and uploading it to LinkedIn, in an effort to sync your events with those of other users. Though LinkedIn claims it is not storing or sharing the information, which includes the e-mails of friends, and the dates and locations of events, it has promised in a small concession to stop collecting the meeting notes that users make for those events. The calendar feature is opt-in, and can be turned off by users.

Still, that pales in comparison to their current plight, and many questions remain to be answered as to just how large the breach was, how it happened, and how to ensure it will not happen in the future.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Tags

More from iTechPost