Six and a half million users of the ubiquitous business networking site LinkedIn have apparently had their passwords stolen.
Online security experts say site members should change their passwords right away.
As of this morning, PC World reported, only a minority of the passwords appeared to have actually been exposed. A file containing the 6.5 million passwords showed up on a Russian online forum, but they were “hashed,” meaning each had been run through a one-way function rather than stored as readable text. However, according to PC World, the algorithm used allows hackers to recover simple passwords fairly easily because it does not include “salting,” or the addition of random characters to each password before it is hashed.
The uploaded file did not include usernames, but experts say that doesn’t rule out that whoever stole the passwords has those as well.
LinkedIn has said it’s looking into the reports. At 11:18 this morning, the company tweeted “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here.” However, many users are reporting that they’ve been able to find their own hashed passwords in the leaked file.
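An added example, not from the article or from LinkedIn's code, showing why the missing salt matters and why users could find their own hashes in the file. SHA-1 stands in for a fast unsalted hash because the article does not name the algorithm; the accounts, passwords, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; alice and bob share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012",
            "carol": "c0rrect-h0rse-battery"}

def unsalted_digest(password):
    # Assumption: SHA-1 as a stand-in for "fast hash, no salt".
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def build_unsalted_dump(accounts):
    # A dump without usernames is just a set of digests.
    return {unsalted_digest(p) for p in accounts.values()}

def appears_in_dump(password, dump):
    # Without salt, anyone can hash a candidate password and look it up.
    # This is how a user can check for their own password in such a file.
    return unsalted_digest(password) in dump

def salted_record(password, iterations=100_000):
    # A per-user random salt and a slow key-derivation function.
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations)
    return salt, iterations, key

def build_salted_store(accounts):
    return {user: salted_record(p) for user, p in accounts.items()}

def verify(password, record):
    # Login check: recompute with the stored salt, compare in constant time.
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations)
    return hmac.compare_digest(key, expected)

if __name__ == "__main__":
    dump = build_unsalted_dump(ACCOUNTS)
    print("unsalted: distinct digests for 3 accounts:", len(dump))
    print("unsalted: own password found in dump:",
          appears_in_dump("linkedin2012", dump))
    store = build_salted_store(ACCOUNTS)
    print("salted: alice and bob store the same value:",
          store["alice"][2] == store["bob"][2])
    print("salted: alice can still log in:",
          verify("linkedin2012", store["alice"]))
```

With a salt, one guessed password no longer matches every account that shares it, and a table of precomputed hashes for common passwords does not apply to the stored values.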
LinkedIn has a total of 150 million users worldwide, and ZDNet writer Zack Whittaker points out that the breach so far appears to affect a small portion of the user base. However, Whittaker also notes that the breach could be a major blow to the site’s reputation.
The incident comes on the heels of a report that a LinkedIn calendar app on iOS operating systems sends information back to the company without explicit permission. LinkedIn responded that this is done only if users opt in and that the information sent is kept secure.