Wednesday, June 06, 2012

LinkedIn investigating reports that 6.46 million hashed passwords have leaked online (update)

It's worth noting that the passwords are stored as unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but is not foolproof. LinkedIn could have made the passwords more secure by 'salting' the hashes, which involves merging the hashed password with another combination and then hashing for a second time. Even so, unless your password is a dictionary word, or very simple, it will take some time to crack. We've reached out to LinkedIn to determine the accuracy of the claims, but in the meantime, we recommend changing your password just in case. http://www.theverge.com/2012/6/6/3067523/linkedin-password-leak-online
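As an added illustration (not code from the original post, The Verge, or LinkedIn), the sketch below shows why unsalted SHA-1 is weak for password storage: identical passwords produce identical digests across accounts. It then shows salting as it is normally implemented, with a random per-user value mixed in before hashing. It goes beyond the post by using a slow key-derivation function (PBKDF2-HMAC-SHA256) instead of a single SHA-1 pass; the iteration count, function names, and sample accounts are assumptions constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password: str) -> str:
    """The scheme described in the post: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def shared_digests(table: dict[str, str]) -> dict[str, int]:
    """Digests stored for more than one account (only possible without salts)."""
    counts = Counter(table.values())
    return {digest: n for digest, n in counts.items() if n > 1}


def hash_salted(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt for every stored password
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_salted(password, salt)
    return hmac.compare_digest(key, expected)


# Constructed sample accounts (not data from the leak).
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

if __name__ == "__main__":
    weak = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    print("digests shared between accounts:", shared_digests(weak))
    strong = {user: hash_salted(pw) for user, pw in USERS.items()}
    print("alice/bob keys equal:", strong["alice"][1] == strong["bob"][1])
    print("alice verifies:", verify_salted("linkedin2012", *strong["alice"]))
```

The salt is stored next to the derived key; it does not need to be secret, only unique per account.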

2 comments:

Gene Prescott said...

The company's (LinkedIn) latest tweet simply states that "our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here."

Gene Prescott said...

"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," Vicente Silveira, a director at the professional social networking site, wrote in a blog post.

LinkedIn has disabled the passwords on those accounts, it said. Account holders will receive an e-mail from LinkedIn with instructions for resetting their passwords. The e-mails will not include any links. Phishing attacks often rely on links in e-mails that lead to fake sites designed to trick people into providing information, so the company says it will not send links in e-mails.

Affected account holders will then receive a second e-mail from LinkedIn customer support explaining why they need to change their passwords.