Computerworld - In response to widespread reports of a massive data breach at LinkedIn, the company Wednesday confirmed that passwords belonging to "some" of its members have been compromised. In a carefully worded blog post, LinkedIn director Vicente Silveira said the company has confirmed that an unspecified number of hashed passwords posted publicly on a Russian hacker forum earlier this week "correspond to LinkedIn accounts." Silveira made no mention of how the passwords may have ended up on the forums but noted that LinkedIn is continuing to investigate. "Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid," Silveira said. Users of the social networking site for professionals will also receive an email from LinkedIn with instructions on how to reset their passwords.
The email will not contain any links that users will need to click on to reset their password, he noted. Affected customers will also receive a note from LinkedIn with more information on what happened and why they are being asked to reset their passwords, Silveira said. Earlier Silveira had posted a separate note urging LinkedIn members to change their passwords and providing them with tips on how to create strong passwords. Silveira was responding to numerous reports earlier Wednesday that hackers accessed close to 6.5 million hashed passwords from a LinkedIn database and posted them publicly on a Russian hacker forum. According to security researchers who had seen the compromised data, more than 300,000 of the hashed passwords have already been decrypted and posted online in clear text.
LinkedIn had earlier said it was looking into those reports but had not confirmed the breach. Tal Be'ery, security research leader at Imperva, claims to have seen the stolen data and said much more than 6.5 million passwords might have been compromised. According to Be'ery, the passwords that have been posted online appear to be only those passwords that the hackers needed help in cracking. What the breached password list is missing are the usual easy-to-guess passwords that people commonly use to control access to online accounts, he said. The LinkedIn password file does not contain any of the common passwords that Imperva's researchers have typically run across when analyzing similar password breaches, he said.
"Most likely, the hacker has figured out the easy passwords and needs help with less common ones." So it's likely that only the more complicated passwords have been revealed so far, he theorized. The breached list shows that LinkedIn did not use best practices in protecting the passwords, he said. The hashes that were used to mask the real passwords were so-called unsalted SHA-1 hashes. SHA-1 is a hashing algorithm that is used to protect passwords. Because SHA-1 isn't foolproof, security experts have for some time recommended that organizations use a technique called "salting" to make passwords harder to crack.
With salting, an application applies a random string of characters to a password before it is hashed. The process ensures that even if two passwords are identical, their hashes will be unique.
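The effect of salting described above, as an added example that is not part of the original article: it hashes a small account table with unsalted SHA-1 and then with a random per-user salt, and counts how many stored hashes collide. The account names, passwords and function names are constructed for illustration; SHA-1 is used only to mirror the scheme the article describes.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample accounts (not breach data); two users share one password.
USERS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "tr0ub4dor&3"}


def unsalted_sha1(password: str) -> str:
    """Hash as the article describes the leaked list: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_sha1(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Prepend a random per-user salt before hashing; return (salt_hex, hash_hex)."""
    if salt is None:
        salt = os.urandom(16)  # fresh 128-bit salt for each stored password
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return salt.hex(), digest


def verify_salted(password: str, salt_hex: str, expected_hex: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, digest = salted_sha1(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(digest, expected_hex)


def shared_hashes(hashes: Iterable[str]) -> int:
    """Number of stored hashes that are identical to at least one other entry."""
    counts = Counter(hashes)
    return sum(n for n in counts.values() if n > 1)


def build_tables(users: Dict[str, str]):
    """Return (unsalted, salted) password tables for the same set of users."""
    unsalted = {u: unsalted_sha1(p) for u, p in users.items()}
    salted = {u: salted_sha1(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables(USERS)
    print("unsalted entries sharing a hash:", shared_hashes(unsalted.values()))
    print("salted entries sharing a hash:  ",
          shared_hashes(h for _, h in salted.values()))
    salt_hex, digest = salted["alice"]
    print("alice verifies:", verify_salted("Summer2012!", salt_hex, digest))
```

In the unsalted table, alice and bob store the same hash, so recovering one password exposes both accounts and a single precomputed lookup works against every user; in the salted table each entry has to be attacked separately.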