Photo of Cash Posted On Facebook Leads to Home Robbery
Mintz Levin: Breach Notification Laws In The United States

Data Breach At LinkedIn.com Exposes Passwords of 6.5 Million Users

Several news sources have reported a data breach at LinkedIn.com, which affected as many as 6.54 million users' passwords. According to The Next Web:

"Norwegian IT website Dagens IT reported the breach, with 6.5 million encrypted passwords posted to a Russian hacker site. Security researcher Per Thorsheim has also confirmed reports..."

Even though the passwords were encrypted, about 300,000 had already been cracked. At press time, LinkedIn had not issued an announcement. LinkedIn is a popular social networking website for professionals to find jobs and establish business contacts.

Experts advise LinkedIn.com users to change their passwords. And, if you use the same password at other websites, you should change those, too. That means, you will need to change the passwords for any mobile apps, too.

This potential breach is in addition to other bad news. Earlier today, researchers at Skycure Security discovered that the LinkedIn.com apps for iPhones and iPads leak sensitive, complete meeting details without notice to users, a potential violation of Apple's privacy policy. Plus, the apps don't really need the full meeting details collected and transmitted.

Read more about this breach at the New York Times.

I already changed my LinkedIn.com password, and I am glad that I don't use the same password everywhere. I look forward to hearing from the LinkedIn.com management about their breach investigation and data security fixes.

Update {2:30 PM EST]: The LinkedIn blog advises its users to change their passwords.

Update [8:00 PM EST]: after several news sources reported that the hackers had stolen passwords from both LinkedIn.com and the eHarmony.com dating website, eHarmony also advises its users to change their passwords.

Update [10:00 PM EST]: Forbes correctly warns that if LinkedIn doesn't fix its data breach and detect ongoing threats, then users changing passwords may not be enough.

Update [11:30 PM EST]: LinkedIn confirms breach.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.