Millions of LinkedIn passwords posted online; company’s response criticized

The online professional networking website LinkedIn has confirmed that “some” of its users’ passwords were stolen when it was hacked today, but the person responsible says it’s almost 6.5 million.

In a blog post earlier this morning, the LinkedIn team posted: “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts.”

A message on its Twitter account early today said, “Our team is currently looking into reports of stolen passwords. Stay tuned for more.”

The alert was initially raised by Norwegian IT publication which reported that a Russian hacker website posted some 6.5 million encrypted passwords on its forum thought to have come from LinkedIn.

The hackers apparently wanted get help cracking the encrypted passwords.

Read more on The Daily Telegraph.

Jim Finkle and Jennifer Saba of Reuters report:

 LinkedIn Corp’s silence on the extent of a security breach that exposed millions of user passwords has damaged its reputation among some business professionals, and may slow the growing company’s rise if the breach turns out to be more serious than disclosed.

Several days after news of the theft of the passwords emerged, the site with more than 160 million members still says it has yet to determine the full extent of the breach.

Some cyber security experts say LinkedIn did not have adequate protections in place, and warn that the company could uncover further data-losses over coming days as it tries to figure out what happened.

Read more on Reuters.  One of the criticisms noted by others is that the firm reportedly had neither a chief information officer nor chief information security officer.

This breach has certainly gotten a lot of media coverage. There are already over 1250 news stories about it.


About the author: Dissent