LinkedIn confirms breach, urges members to change compromised passwords

LinkedIn will alert impacted users

LinkedIn today confirmed reports that some of its users' passwords have been compromised.

Early on Tuesday reports surfaced that approximately 6.5 million LinkedIn passwords had been compromised and posted online. After initially not admitting to any security breach, the company announced later in the day that some of the passwords are linked to user accounts. "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," LinkedIn Director Dave Silveira wrote in a blog post. "We are continuing to investigate this situation ..."

EARLIER: LinkedIn investigating compromised passwords

MORE HACKING: Hacker v. Hacker: When Egos or Motives Clash, Hackers Attack Each Other

LinkedIn has automatically invalidated the passwords of impacted users and the company says emails will be sent to users whose passwords are compromised notifying them of the situation. The company warns users to not update passwords via links sent in an email.

In addition, LinkedIn says it has "just recently" put into place additional security features for its passwords, including hashing and salting all of the company's password databases. Salting is a process that adds user-specific information to encrypted passwords, making them more difficult to unencrypt. 

"We sincerely apologize for the inconvenience this has caused our members," Silveira wrote in the blog post, and added that the company is continuing to investigate the situation. For more detailed instructions on how to change your LinkedIn password and best practices of password management, click here.

Network World staff writer Brandon Butler covers cloud computing and social collaboration. He can be reached at BButler@nww.com and found on Twitter at @BButlerNWW.

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies