Millions of LinkedIn passwords reportedly leaked online

I came across this today and thought I would warn everyone

Millions of LinkedIn passwords reportedly leaked online

by Lance Whiney

LinkedIn users could be facing yet another security problem. A user in a Russian forum says that he has hacked and uploaded almost 6.5 million LinkedIn passwords, according to The Verge. Though his claim has yet to be confirmed, Twitter users are already reporting that they’ve found their hashed LinkedIn passwords on the list, security expert Per Thorsheim said.

LinkedIn revealed through its own tweet that it’s looking into reports of stolen passwords, and it advised users to stay tuned for more information. Many of the hashes include the word “linkedin,” which The Verge believes lends credibility to the reports. LinkedIn passwords are encrypted using an algorithm known as SHA-1, which is considered very secure. Complex passwords will likely take some time to decrypt, but simple ones may be at risk.

Sophos security expert Graham Cluley is advising LinkedIn users to change their passwords as soon as possible, at least as a precaution. If the report is true, then hackers are undoubtedly working hard to decrypt the hashed, or unsalted, passwords.

“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” Cluley added.

The report of the leaked passwords comes hard on the heels of word from security researchers that LinkedIn’s iOS app is collecting information from calendar entries — including passwords — and transmitting it back to the company’s servers without users’ knowledge.

In response to concerns over this collection of data, LinkedIn yesterday tried to explain how and why it captures this information. The company acknowledged that it picks up information from the Calendar app on your iOS device to try to sync any appointments listed with fellow LinkedIn users. The feature is opt-in, so users of the LinkedIn IOS app can turn off the ability to “Add Calendar” in the Settings screen.

The details sent to LinkedIn’s server include the e-mail addresses of the people you meet with, the meeting subject, the location, and any meeting notes. The calendar data is sent securely using SSL encryption and isn’t shared or stored, LinkedIn added.

But in a concession to concerned users, the company has promised two tweaks to the feature. It will no longer pick up meeting notes from your calendar. And it will add a “learn more” link to explain how your calendar data is being used.

LinkedIn did not address the question of whether passwords are being collected along with the meeting information.

To change your LinkedIn password, log onto your account. Click on your name in the upper right corner and then click on the link for Settings. In the Settings section, click on the Change link next to Password. You’ll be prompted to to enter your old password and then create a new one. Aim to pick a complex password that’s not easy to decipher. Then click on the Change Password button.

CNET contacted LinkedIn for further details and will update the story when we get more information.

Here is the url to the acutal story

http://news.cnet.com/8301-1009_3-57448079-83/millions-of-linkedin-passwords-reportedly-leaked-online/?tag=mncol;editorPicks

Back

What Clients Say About Patrice & Associates

  • Ms. Ross was great!

    First and foremost, I want to thank Carla Ross for helping me get the opportunity I was looking for. I was looking for a good job back in my home town and she definitely delivered. She was so nice and professional, and she made the process so fast and easy. I also love the fact she checked on me after I got hired.   Shareef Phillips Ms. Ross was great!
  • James was a true professional! 

    From to the first time we spoke, he knew the right questions to ask to help me refine my presentation.  He kept me informed every step of the way of my interview process and followed up after my employment started.  He deserves all my thanks.
    Jeremy Slade
    James was a true professional!
  • Working with David at Patrice and Associates was an excellent experience!

    David is super professional and really took a lot of time to talk with me, get to know what my needs are and match me with the best possible position. I always received speedy replies to any questions I had, and he was always accessible and accommodating to me throughout the process. I highly recommend working with this group for your needs, and would happily work with them in the future should I ever look for new opportunities. Thank you, Johnny Morgan Working with David at Patrice and Associates was an excellent experience!
  • Margo was fantastic!

    Throughout the process, she was able to get and keep me prepared and ready to answer any questions or curveballs that came my way.  I was better prepared during this interview process than I have ever been before.  A normally stressful process was made less so thanks to Margo.  She was the one that initially brought the opportunity to my attention and was there every step of the way to ensure I was successful.
    Thank you,
    Adam Saia
    Margo was fantastic!
  • I would like to say thank you for this great opportunity and helping me with the next mile stone on my career path.

    At first when I received the email I was uncertain that this would work. Upon talking to Michelle I discovered that not only was she really nice, but also quite resourceful. I started the process on a Tuesday and literally one week later I was offered a job on the spot, thanks to all of her assistance. We talked and I was able to be open with her.  She was able to put me in the mindset of my now area manager to go over what to say and do, and what to leave out during the interview. We went over resumes and she showed me how to improve mine so that I stood out. Overall if I ever had to do this again I would gladly work with Michelle but I’m secure in my career path.  Thanks again to Patrice and Associates, and Michelle! Keyona Ellis