LinkedIn Reportedly Loses Over 6 Million Passwords

Earlier this morning, The Verge reported that a user in a Russian forum had obtained nearly 6.5 million passwords from the business networking site LinkedIn. The passwords, which didn’t include attached usernames and were encrypted according to the reports, don’t seem to be in immediate danger of being used to compromise accounts. Security experts are nonetheless advising LinkedIn users to change their passwords as soon as possible.

Beyond this individual breach, LinkedIn has a bigger problem to face: how did this information get out into the open and how do they respond in order to calm possible fears of uploading any sensitive information to the company’s site?

While there are some personal details on LinkedIn, most of what users store on there is intended to be public information. Still, having access to contacts that a hacker could use for phishing attempts as well as a password that a user might frequently use is bad enough. And for customers who pay to use the site (either with a premium account or through the purchase of job posting and advertising), somebody being able to access user accounts and passwords might be able to access that information as well.

Article Continues Below

As of this writing, LinkedIn’s official PR account has yet to confirm the breach, saying:

LinkedIn is one of the top sites that recruiters use to find talent. As of March 31st of this year, the site had over 161 million accounts. Using that figure, the reported compromise of over 6 million passwords would constitute less than 5% of the LinkedIn user population.

Lance Haun is the practice director of strategy and insights for The Starr Conspiracy, where he focuses on researching and writing about work technology. He is also a former editor for ERE Media, broadly covering the world of human resources, recruiting, and sourcing. 
He has been featured as a work expert in publications like the Harvard Business Review, The Wall Street Journal, Fortune, MSNBC, Fast Company, and other HR and business websites.
He's based in his Vancouver, Wash., home office with his wife and adorable daughter. You can reach him by email or find him off-topic on Twitter.