LinkedIn has more than 161 million users. It is estimated that roughly 6.5 million passwords were compromised. LinkedIn is a business-focused professional social networking site.
It has been reported that passwords from millions of users have been stolen and posted in an online Russian hackers' forum to be cracked. As many users have the same password for multiple accounts (i.e. LinkedIn, Gmail, Facebook), other accounts may ultimately be compromised. In addition, if LinkedIn profile information is stolen, phishing scam with this in-depth personal information may be extremely easy. It is unknown whether the people who leaked the passwords have more passwords, e-mail addresses, and user names that they have not leaked.
All users are suggested to change their passwords immediately to prevent possible further risks.
LinkedIn released a statement on June 6, 2012 acknowledging that some passwords were stolen.
LinkedIn Security Breach: What are your rights?
Over 6 million LinkedIn users have been affected by a massive security breach at the behemoth professional networking site. Reportedly, a file containing 6.5 million encrypted LinkedIn passwords was posted on a Russian hacking forum website, possibly looking to crowd source the hacking of difficult passwords. It is estimated that more than 200,000 of the passwords have already been cracked. Security experts have highly recommended that all users change their passwords immediately.
Experts say the file posted on the Russian hacking site only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data. It is unknown, however, whether the original hackers are in possession of more passwords, corresponding e-mails, and the names of user accounts. If this is the case, the breach could have widespread ramifications as many users utilize the same e-mail address and password to enter various sites. In addition, it is believed that if profile information is taken from LinkedIn, hackers may be able to use this detailed professional information in fake e-mail phishing scams.
What users are affected by this breach?
LinkedIn has said that owners of compromised accounts will receive an e-mail from LinkedIn with instructions on how to reset their passwords, as well as a follow-up e-mail from customer support explaining the situation in greater length. It is currently unknown whether those that leaked the passwords have additional passwords, user e-mails, and account names.