Like The Herald Business Journal on Facebook!
The Herald of Everett, Washington
Heraldnet.com

The top local business stories in your email

Contact Us:

Josh O'Connor
Publisher
Phone: 425-339-3007
joconnor@heraldnet.com

Jody Knoblich
General Sales Manager
Phone: 425-339-3445
Fax: 425-339-3049
jknoblich@heraldnet.com

Jim Davis
Editor
Phone: 425-339-3097
jdavis@heraldnet.com

Site address:
1800 41st Street, S-300,
Everett, WA 98203

Mailing address:
P.O. Box 930
Everett, WA 98206

HBJ RSS feeds

LinkedIn investigating reports of stolen passwords

SHARE: facebook Twitter icon Linkedin icon Google+ icon Email icon |  PRINTER-FRIENDLY  |  COMMENTS
By Cassandra Vinograd
Associated Press
Published:
LONDON -- Business social network LinkedIn said it is investigating reports that more than six million passwords have been stolen and leaked onto the Internet.
Although LinkedIn did not confirm if any user data had been hacked or leaked, researchers at U.K. Web security company Sophos say they have confirmed that a file posted online does contain, in part, LinkedIn passwords "hashes." That's a way of encrypting or storing passwords in a different form.
Graham Cluley, a consultant with Sophos, recommended that LinkedIn users change their passwords immediately.
LinkedIn has a lot of information on its more than 160 million members, including potentially confidential information related to jobs being sought. Companies, recruiting services and others have accounts alongside individuals who post resumes and other professional information.
There's added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.
As a precautionary measure, LinkedIn issued security tips in a blog post Wednesday. The company said users should change passwords at least every few months and avoid using the same ones on multiple sites.
LinkedIn also had suggestions for making passwords stronger, including avoiding passwords that match words in a dictionary. One way is to think of a meaningful phrase or song and create a password using the first letter of each word.
Cluley said hackers are working together to break the encryption on the passwords.
"All that's been released so far is a list of passwords and we don't know if the people who released that list also have the related email addresses," he said. "But we have to assume they do. And with that combination, they can begin to commit crimes."
It wasn't known who was behind such an attack.
LinkedIn Corp. referred repeated requests for comment to the company's Twitter feed, where it said its team was "looking into reports of stolen passwords."
Two hours later, the company posted a second tweet saying that it was still unable to confirm if a security breach had occurred.
While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.
"If a website has been breached, it doesn't matter what encryption they're using because the attacker at that point controls a lot of the authentication," said Carey, who works at security-risk assessment firm Rapid7. "It's 'game over' once the site is compromised."
He said that if the breach is confirmed, he expects LinkedIn to require users to change their passwords with the threat of locking them out of the site if they don't. Full containment of a breach would only be possible if every single password is changed or users are disabled, he said.
Cluley also warned that LinkedIn users should be careful about malicious email generated around the incident. The fear is that people, after hearing about the incident, would be tricked into clicking on links in those emails. Instead of getting to the real LinkedIn site to change a password, it would go to a scammer, who can then collect the information and use it for criminal activities.
Shares of LinkedIn, which is based in Mountain View, California, fell 49 cents, or 0.5 percent, to $92.51 in U.S. afternoon trading Wednesday.
------
Follow Cassandra Vinograd on Twitter at http://twitter.com/CassVinograd
------
Online:
LinkedIn's security tips: http://bit.ly/LabO9f
Story tags » Internet & CloudSocial media

MORE HBJ HEADLINES

CALENDAR

Share your comments: Log in using your HeraldNet account or your Facebook, Twitter or Disqus profile. Comments that violate the rules are subject to removal. Please see our terms of use. Please note that you must verify your email address for your comments to appear.

You are logged in using your HeraldNet ID. Click here to update your profile. | Log out.

Our new comment system is not supported in IE 7. Please upgrade your browser here.

comments powered by Disqus

Market roundup