Cyberattacks June 2012 (II) – LinkedIn Member Passwords Compromised
The latest blog update by Vicente Silveira, Director at LinkedIn, confirmed that LinkedIn member passwords have been compromised. LinkedIn responded that it will suspend the accounts of members with compromised passwords. LinkedIn said the affected members will receive an email from LinkedIn with instructions on how to reset their passwords. LinkedIn emphasized that there will not be any links in this email.
Internet-based sources revealed that a list containing around 6.5 million hashed LinkedIn passwords was leaked on a Russian forum in the last few days. If the number is true, it involves around 4.33% of LinkedIn members, as there are currently over 150 million members, as claimed by LinkedIn on its site.
Mikko Hypponen, Chief Research Officer (CRO) at F-Secure, shared a few cracked passwords from the hashed dump, which included: nathanlinkedin, linkedintrouble, hondalinkedin, eaglelinkedin, springlinkedin, san!francisco!, salasanalinkedin, wwwLinkedIn, B1uesC1ues, T1msux!, M4nu3l.- etc. It showed that LinkedIn members' passwords are fairly easy to crack, as the passwords were hashed with the SHA-1 algorithm and unsalted. Such an approach is very vulnerable to dictionary attacks, especially when the user chooses a weak password, which will most likely be found in a brute-force dictionary attack.
In the meantime, LinkedIn also announced that it has enhanced its security, which includes hashing and salting of its current password databases.
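As an added illustration (not code from LinkedIn or from the original post), the following Python sketch contrasts unsalted SHA-1 storage with a per-user salt and a slow key-derivation function. The account names, the word list, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two share a password from the list quoted above.
USERS = {"alice": "nathanlinkedin", "bob": "nathanlinkedin", "carol": "B1uesC1ues"}
# Constructed candidate list standing in for a precomputed dictionary.
WORDLIST = ["password", "linkedin", "nathanlinkedin", "eaglelinkedin"]
ITERATIONS = 100_000  # assumed work factor; tune to your hardware


def sha1_unsalted(password: str) -> str:
    """The weak scheme: one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_salted(password: str) -> tuple[bytes, int, bytes]:
    """Hardened scheme: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, derived


def verify_salted(password: str, record: tuple[bytes, int, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


def covered_by_one_table(stored: dict[str, str], wordlist: list[str]) -> list[str]:
    """Accounts whose unsalted digest appears in a single precomputed table."""
    table = {sha1_unsalted(word) for word in wordlist}
    return sorted(user for user, digest in stored.items() if digest in table)


if __name__ == "__main__":
    unsalted = {u: sha1_unsalted(p) for u, p in USERS.items()}
    print("identical digests:", unsalted["alice"] == unsalted["bob"])
    print("covered by one table:", covered_by_one_table(unsalted, WORDLIST))
    salted = {u: hash_salted(p) for u, p in USERS.items()}
    print("salted digests differ:", salted["alice"][2] != salted["bob"][2])
    print("verify ok:", verify_salted("nathanlinkedin", salted["alice"]))
```

With unsalted SHA-1, every account that shares a password shares a digest, so one table computed once applies to the whole database; with a per-user salt the same password yields a different stored value for each account, and the iteration count raises the cost of every guess.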
- Change your LinkedIn account password. You can refer to the following link:
- Be alert to scam emails about LinkedIn password changes that link to phishing sites. LinkedIn has stressed that there will not be any links in the email it sends about changing passwords.