Hackers Steal over 6M LinkedIn Account Passwords


Hashed versions of user passwords from LinkedIn accounts have been snatched up and posted on a Russian hacker website, and the group is now looking for help in extracting the actual passwords from the data.

While some LinkedIn users are confirming via Twitter that they found the hashed version of their password in the hacked data, LinkedIn is only saying that it is looking into the reports.

LinkedIn loses 6.5 million passwords

LinkedIn users should change their account password even though the number of potentially compromised accounts makes up less than 10 percent of service subscribers. LinkedIn passwords can be changed by logging into your account, choosing Settings from the drop-down menu linked to your name in the website’s upper right corner, then clicking the Account button.

Unfortunately for LinkedIn, its headache doesn’t stop with stolen passwords. The company is also dealing with fallout from the news that its iPhone and iPad apps collect user calendar data and meeting notes as plain text.

LinkedIn responded by saying that it doesn’t store or share the information it collects, and that calendar and notes data is transmitted to its servers over a secure connection. The company also pointed out that its synced calendar service is active only when users enable the feature.

The company also said, “We do not under any circumstances access your calendar data unless you have explicitly opted in to sync your calendar,” and added that it is dropping sync support for meeting notes with an app update that’s awaiting approval on Apple’s App Store.

[Thanks to Dagens IT for the heads up (translation)]

[Some image parts courtesy Shutterstock]


Comments

ilikeimac

“Hashed” is not the same thing as “encrypted”. Please don’t confuse the two.

Assuming the hash and the password are both “strong” I guess it would still take a few days of brute forcing (on a single computer) to get each password.

Jeff Gamet

Thanks for catching that, ilikeimac. “Encrypted” shouldn’t have been there, and it’s gone now.
