LinkedIn Probes Possible Password Theft
Social Network Says It Can't Confirm Reports of a BreachLinkedIn says it's investigating reports that the social network was breached and that hackers uploaded nearly 6.5 million passwords.
See Also: Live Webinar | Compliance and Cyber Resilience: Empowering Teams to Meet Security Standards
On Twitter, LinkedIn said in a late morning EDT post on June 6: "Our team continues to investigate, but at this time, we're still unable to confirm that any security breach occurred. Stay tuned here."
Norwegian IT security blogger Per Thorsheim, on his Twitter account, says that many people confirmed their unique passwords have been leaked or stolen.
Initial reports came from the website The Verge, which disclosed a claim in a Russian online forum that a user uploaded hashed passwords but no user names.
According to The Verge, the passwords are stored as unsalted SHA-1 hashes, a secure algorithm, though one that's not foolproof. "LinkedIn could have made the passwords more secure by 'salting' the hashes, which involves merging the hashed password with another combination and then hashing for a second time," The Verge reports. "Even so, unless your password is a dictionary word, or very simple, it will take some time to crack."