
Report: 6.5 million LinkedIn passwords stolen [U]

updated 04:46 pm EDT, Wed June 6, 2012

Encrypted passwords reportedly posted to Russian hacker sites

(Updated with breach confirmation from LinkedIn) Wednesday brings reports of further security woes for LinkedIn, as Norwegian site Dagens IT carries a warning that 6.5 million encrypted passwords from the professional networking site have been posted to a Russian hacker forum. The passwords are said to be in an easily crackable encryption format, and the files posted to the hacker site may contain user data as well. LinkedIn is looking into the problem, but the company is unable to confirm the breach as of yet.

The leaked passwords are said to be "hashed": that is, processed with an algorithm that turns a block of data into a fixed-size bit string such that any change to the data will also change the hash value. The problem with passwords that are only hashed is that identical passwords produce identical hash values; so if two users both have the password "P@$$w0rd," then cracking one means that the other is cracked as well. Security experts have reportedly been castigating LinkedIn for failing to "salt" its passwords -- that is, to add another layer of security by mixing random pieces of information into each password before it is hashed.

LinkedIn has yet to confirm the security breach, though the company has announced in two tweets over the past few hours that it is looking into the problem. Other outlets are advising that users change passwords for their LinkedIn profile, as it is unknown exactly which users may be affected by the breach.

Should reports of the breach prove true, it would mark the second security risk for the site to emerge today. Earlier, researchers discovered that a feature in the LinkedIn mobile app for iOS gathers and transmits back unsecured data from users' calendar apps.

Update: In a post this afternoon on the LinkedIn Blog, the company confirmed that some LinkedIn account passwords had been compromised. LinkedIn has deactivated the passwords for affected accounts and sent an email to the owners of those accounts asking them to reset their passwords. LinkedIn's customer support team will send out a second email to affected users that will provide further information on the security breach.

Further, LinkedIn noted that the site has recently implemented improved security protocols. Passwords for LinkedIn accounts are now encrypted in a manner that includes both hashing and salting.

by MacNN Staff



  1. azrich

    Joined: Dec 1969



    This is crazy, I can not $%^&* believe this. What is going on in the frickin' world...

    I mean, How does a hole like Linkedin have over 6.5 million subscribers... Jeez

    Sorry, I thought that was funny enough to share. As for the article, they should really do something about that.

  1. qazwart

    Joined: Dec 1969


    LinkedIn Passwords aren't the issue

    Cracking the passwords means they're going to do a dictionary attack against the file. If your password is "password" or "pa55w0rd", they will discover your password. If your password was "pwqeqe123493", they won't. Others will be somewhere in between.

    However, it isn't your Linkedin account you should be worried about: It's all your OTHER accounts that use the same password. I might use "53cr3t5auc3" for not only my LinkedIn account, but my Gmail account, and my bank account. Changing your LinkedIn password isn't enough. You need to change ALL of your accounts that used a similar password.

  1. climacs

    Joined: Dec 1969


    qazwart has it right

    these days, when we all have so many passwords for everything from bank accounts to some website forum where an account was created to ask a question that one time five years ago... you're a fool to use the same password for everything. Even companies that should know better (LinkedIn, Sony) get hacked and have shockingly poor security procedures to protect your info.
