Popular professional social network LinkedIn is checking reports of a massive security breach. Details are very sketchy but it all stems from posts on a Russian hacker forum. Check out the rest of the story on the LinkedIn breach after the jump.
Professional social networking service LinkedIn today said it is investigating reports that hackers broke into its systems and accessed the usernames and hashed passwords of the social network’s 6.5 million members.
The data was said to be posted on an online Russian hacker forum.
In numerous Twitter messages, LinkedIn told its members that it’s investigating the breach reports, and that it can’t yet confirm that hacker had accessed the site.
One said: “Our team is currently looking into reports of stolen passwords. Stay tuned for more.”
One security researcher today said that he has downloaded a file from a Russian hacker website containing more than 6.4 million hashed passwords.
Marcus Carey, a security researcher at Rapid7, said he also downloaded two separate files containing more than 300,000 passwords collected by the hackers. The hackers accessed the passwords by using simple password cracking tools, Carey said.
Though it is not immediately possible to confirm if the hashed passwords were in fact accessed from LinkedIn’s servers, there are numerous anecdotal reports that users have seen their LinkedIn password posted online, he said.
So far, he added, there is no evidence that emails associated with the passwords have also been accessed, though that remains a possibility.
Carey noted that the hackers might still have access to the LinkedIn servers.
According to him, a look at the data that was posted online suggests that the hackers may have had access to the data for sometime.
Users of LinkedIn should immediately change their passwords to protect their accounts, he said.
