A lot of you guys probably use the popular social networking site LinkedIn for promoting yourselves professionally. It is sort of the Facebook for professionals. I personally never log in to it unless I am looking for new employment, but a lot of people use it on a daily basis for keeping in touch with peers in their industry. I know lots of sales and recruiting people use it, and chances are good that people in your company use it.
Well, Business Insider reported today that LinkedIn has been hacked, and approximately 6.5 million encrypted passwords have been compromised. From their post:
6.5 million encrypted LinkedIn passwords have leaked, reports Norwegian IT site Dagens IT (found via The Next Web). The passwords were shared via a Russian hacker site, and security researcher Per Thorsheim confirms that the leak is legit.
At the time of this writing, LinkedIn hasn't made a statement about the attack, but security researcher Robert Graham has confirmed the hack is real on his blog. Robert writes:
Today's news is that 6 million LinkedIn password hashes were dumped to the Internet. I can confirm this hack is real: the password I use for LinkedIn is in that list. I use that password NOWHERE ELSE. Furthermore, it's long/complex enough that I'm confident NOBODY ELSE uses the same password. Other security pros are reporting the same result. Therefore, we can confirm that this hack is real.
The way I tested to see if my password was in the list was to first generate a SHA-1 hash of my password, then I searched in the file "combo_not.txt" that I downloaded from the Internet containing the 6 million password hashes. I found a match.
Bottom line, change your password now, and if you use that password on any other site, you need to change that password as well.
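The check Robert describes (SHA-1 the password, then search the hash list for it) can be scripted as below. This is an added example, not code from Robert's post; the function names and the sample passwords are constructed for illustration, and the script assumes a hash list with one hex SHA-1 per line, passed as its only argument.

```python
import getpass
import hashlib
import os
import sys
import tempfile


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password, as lowercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def find_in_dump(password: str, dump_path: str):
    """Return the 1-based line number of the matching hash, or None."""
    target = sha1_hex(password)
    # Stream the file so millions of hashes are never held in memory.
    with open(dump_path, "r", encoding="ascii", errors="ignore") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.strip().lower() == target:
                return lineno
    return None


def demo():
    """Run the check against a small constructed hash list."""
    constructed = ["linkedin-demo-1", "Tr0ub4dor&3", "correct horse battery staple"]
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as fh:
            # Mixed case and a blank line: a dump is not always uniform.
            fh.write(sha1_hex(constructed[0]) + "\n\n")
            fh.write(sha1_hex(constructed[1]).upper() + "\n")
            fh.write(sha1_hex(constructed[2]) + "\n")
        return (find_in_dump("Tr0ub4dor&3", path),
                find_in_dump("not-in-the-list", path))
    finally:
        os.remove(path)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Prompt for the password rather than taking it as an argument,
        # so it stays out of shell history and the process list.
        hit = find_in_dump(getpass.getpass("Password to check: "), sys.argv[1])
        print("found on line %d" % hit if hit else "not found")
    else:
        print(demo())
```

The lookup works because the hashes are unsalted: the same password always produces the same SHA-1 value, so anyone holding the list can run the same comparison for any password they care to guess.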