Social network LinkedIn confirmed a security breach Wednesday that resulted in the loss of encrypted passwords and could allow criminals to break into subscribers’ accounts.
Norway-based tech blog Dagens IT reported earlier in the day that hacked passwords were first posted to a Russian hackers forum. Two security firms, Sophos and Rapid7, said they were able to confirm the breach by searching for the known passwords of colleagues within the massive file they say has been spreading through other hacker forums.
Vicente Silveira, a director at LinkedIn, confirmed in a blog post on the site “that some of the passwords that were compromised correspond to LinkedIn accounts.” The company said affected members would have their passwords deactivated and would receive instructions by email on how to reset them.
Silveira added that LinkedIn has “just recently” put in place security measures that would prevent hackers from easily guessing passwords.
LinkedIn didn’t specify how many passwords were compromised. Dagens IT reported 6.5 million passwords, which would represent about 4% of LinkedIn’s 150 million users.
Other hackers have managed to decrypt some of the passwords and post them online, said Graham Cluley, a security consultant at Sophos. Mr. Cluley said there is so far no evidence that the passwords have been linked to user email addresses.