Phuket Gazette: LinkedIn passwords released by hackers

Legacy Phuket GazetteThursday, June 7, 2012Last Updated: Thursday, June 7, 2012

228 2 minutes read

Phuket Gazette: LinkedIn passwords released by hackers

PHUKET MEDIA WATCH

– World news selected by Gazette editors for Phuket’s international community

Russian hackers release up to 6.5 million LinkedIn passwords

Phuket Gazette / News Wires

PHUKET: Russian hackers have obtained and released the passwords of up to 6.5 million accounts on the popular professional networking website LinkedIn, according to a web posting yesterday.

LinkedIn director Vicente Silveira confirmed in a blog post that at least some of the more than 6.4 million passwords released on a Russian forum correspond to LinkedIn accounts. The leaked passwords were camouflaged with a common cryptographic code called SHA-1 hash, which is considered weak unless extra security layers are added.

“It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” Silveira said.

Camouflaging passwords with SHA-1 is considered weak because it translates the same text the same way every time. For instance, if one user’s password is “password”, the resulting code will be the same when another user also uses “password.” This is why security experts recommend adding a security layer called “salt,” which adds another piece of information to the code to make it almost impossible to decode.

The file released on the Russian forum on Wednesday did not contain associated email addresses, but security experts nonetheless advise LinkedIn users to change their passwords as a precaution. Silveira said users of accounts associated with compromised passwords will receive an email from LinkedIn with instructions on how to reset their passwords.

“We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously,” Silveira added in his blog post on yesterday. He noted that emails sent by LinkedIn to affected users will not contain any links, apparently to avoid phishing scams.

It was not immediately clear how the passwords were obtained.

LinkedIn started out in the living room of co-founder Reid Hoffman in late 2002 and was launched officially on May 5, 2003. At the end of the first month of operation, LinkedIn had around 4,500 users. As of May 2012, the company said it has more than 161 million users around the world.

— Phuket Gazette Editors