IT security and data protection firm Sophos is advising users of business social networking site LinkedIn to change their passwords, after unconfirmed reports that the website has been hacked and user password details posted online.
Although not yet confirmed by LinkedIn, it is being speculated that over six million passwords belonging to LinkedIn users have been compromised. A file containing 6,458,020 unsalted password hashes has been posted on the internet, and hackers are working together to crack them. Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals.
Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.
“It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step,” said Graham Cluley, senior technology consultant at Sophos. “Of course, make sure that the password you use is unique – in other words, not used on any other websites – and that it is hard to crack. If you were using the same passwords on other websites – make sure to change them too. And never again use the same password on multiple websites.”
More information, including instructions on how users can change their LinkedIn password, can be found on the Sophos Naked Security blog.
