WASHINGTON, USA – The professional social network LinkedIn said Wednesday some of its members’ passwords were stolen after reports said more than 6.4 million accounts were breached.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation,” LinkedIn director Vicente Silveira said in a blog post.
Silveira said passwords on the compromised accounts were no longer valid, and that those members will receive instructions on how to reset their passwords.
“There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email,” he said.
For other members, LinkedIn has implemented “enhanced security” for password protection, he added.
Several security researchers reported the breach, which resulted in data being posted on a Russian hacker forum.
Graham Cluley of the British security firm Sophos said the hacker posting “does contain, at least in part, LinkedIn passwords.”
“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” Cluley said in a blog post.
As a result, Cluley said, “it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step.”
He said users should ensure the password you use is not used on any other websites, and hard to crack.
“If you were using the same passwords on other websites — make sure to change them too. And never again use the same password on multiple websites,” he said.
Jim Walter of the McAfee Threat Intelligence Service said the breach is “a good reminder to all internet users on the importance of maintaining an ever-changing and complex password. A secure passphrase may be the only thing standing between your personal data and those that wish to steal it.”
Just a day earlier, LinkedIn was subject to criticism by a security firm for allowing too much information to be revealed from its mobile application for Apple devices which use the iOS platform.
“LinkedIn’s mobile application has an interesting feature that allows users to view their iOS calendars within the app. However, it turns out that LinkedIn have decided to send detailed calendar entries of users to their servers,” said Adi Sharabani and Yair Amit of Skycure Security.
This means “highly sensitive information such as conference call details and passcodes” could be revealed, they said in a blog.
“We do not believe it utilized the collected information in a malicious way. However, we are concerned by the fact it collects and sends out sensitive information about its users, without a clear indication and consent.” – Agence France-Presse