LinkedIn confirms security breach.
Late yesterday evening news came out that a user on Russian forum hacked LinkedIn and uploaded 6,458,020 hashed passwords, however, no usernames were released. Of course, that is not to say that the hacker doesn’t have matching usernames for each of the passwords.
LinkedIn has since confirmed that the security breach did indeed occur, although they haven’t cited the exact number of passwords stolen. The following steps were listed for those whose accounts have been compromised:
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
Since the breach, Linked has enhanced their password security which includes hashing and salting of all the passwords in their database. Salting the passwords basically means that once a password is hashed, it is then combined with another string of digits and then rehashed and stored in the database. It is disturbing that such a necessary security measure took place only after such a huge security breach.