Receive daily articles & headlines each day in your inbox with your free ERE Daily Subscription.

Not logged in. [log in or register]

LinkedIn Reportedly Loses Over 6 Million Passwords

by Jun 6, 2012, 2:04 pm ET

Earlier this morning, The Verge reported that a user in a Russian forum had obtained nearly 6.5 million passwords from the business networking site LinkedIn. The passwords, which didn’t include attached usernames and were encrypted according to the reports, don’t seem to be in immediate danger of being used to compromise accounts. Security experts are nonetheless advising LinkedIn users to change their passwords as soon as possible.

Beyond this individual breach, LinkedIn has a bigger problem to face: how did this information get out into the open and how do they respond in order to calm possible fears of uploading any sensitive information to the company’s site?

While there are some personal details on LinkedIn, most of what users store on there is intended to be public information. Still, having access to contacts that a hacker could use for phishing attempts as well as a password that a user might frequently use is bad enough. And for customers who pay to use the site (either with a premium account or through the purchase of job posting and advertising), somebody being able to access user accounts and passwords might be able to access that information as well.

As of this writing, LinkedIn’s official PR account has yet to confirm the breach, saying:

LinkedIn is one of the top sites that recruiters use to find talent. As of March 31st of this year, the site had over 161 million accounts. Using that figure, the reported compromise of over 6 million passwords would constitute less than 5% of the LinkedIn user population.

This article is provided for informational purposes only and is not intended to offer specific legal advice. You should consult your legal counsel regarding any threatened or pending litigation.