June 6, 2012
BOSTON — The business social network LinkedIn is confirming reports that some of its users' passwords have been stolen and leaked onto the Internet.
The company said in a June 6 blog post that some of the more than 6 million passwords that were compromised correspond to LinkedIn accounts. LinkedIn members who have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid. WGBH News contacted LinkedIn for an exact figure, but the company was not able to confirm the number of LinkedIn members affected by the breach.
Ken Pickering, development manager of security intelligence at Core Security in Boston, said that although data breaches aren’t uncommon, the way this particular breach happened is alarming.
"Breaches to this scale and this public, where the password file was posted and people were working on cracking it before LinkedIn themselves can find evidence of a security breach — that’s probably the most alarming fact, is that someone gets away with 6.5 million records and LinkedIn themselves can’t find the source of the leak," he said.
The biggest threat to one’s online security, he said, is if a person uses their LinkedIn password to log in at other places as well.
"You should not use the same passwords in many places," he said. "So if LinkedIn gets hacked, the footprint of the impact in your life is relatively low because you log into your password manager and you change your LinkedIn password, so that’s the end of it."
As for the challenge of remembering all those different combinations of uppercase letters, numbers and special characters, "You should probably install a password manager and go that route," he advised.
LinkedIn has more than 160 million members. The company said in the blog post that it is continuing to investigate the matter.