Social networking site, LinkedIn, with 161 million users worldwide has finally confirmed that 'some' of the LinkedIn passwords have been compromised, with the reassurance that they are in the process of bringing the situation under control.

It was reported that over 6 million passwords had been leaked and posted on an online forum in Russia. The file contained 6.5 million unique hashed passwords. On Wednesday morning Vicente Silveira confirmed the hack, and stated that "We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation."

LinkedIn has also said that all the users affected from the hack will not be able to access their accounts until they change their passwords.

Every affected member has been sent an email by LinkedIn with instructions on how one can change their passwords. This email contains only instructions and no links.

Once the user requests password assistance, only then will LinkedIn send a password reset link. Users will also receive a second email with information in context to this situation and reasons why they are being asked to change their passwords.

It is advisable to change your LinkedIn password instantly. If you are one of those who has a common password for most of your accounts, then you must leave this page and change your password right away. According to analysts, it is possible that these passwords also have corresponding email addresses, thereby compromising your entire online presence.

It may seem that LinkedIn has the situation under control, but according to Marcus Carey, security researcher at Rapid7, the attackers have been in LinkedIn's network for days, and it is quite possible that they might still have access to the system.

"If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time." warns Carey.

It is also believed that as far as passwords are concerned, LinkedIn's security has not been up to the mark. The very statement by Silveria, that:

"Affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases."

...proves that until the time that 6 million passwords had not been hacked, LinkedIn didn't bother bringing the latest practices in place.

Although I am not a techie and don't understand the concept of hashing and salting intricately, but as a layman, here's how I can explain it:

Hashing: it converts the password into a unique set of numbers. Say, your password is 1234LinkedIn, Hashing will convert it into a series of numbers and alphabets, making it harder for the hackers to recognize the password.

Salting: to put it simply, it an extra layer of protection for your password. It makes it even harder for a hacker to recognize already hashed password.

Until now, LinkedIn had not implemented hashing or salting to their system. According to Geoff Webb, director of Credant Technologies, a security firm, "It would be best practice to use a salt when you're hashing passwords because it makes it much harder for a hacker to figure out what your password is if they've stolen your hashes."

So far LinkedIn has sincerely apologized for the inconvenience, and clarified their intention of taking this situation very seriously. We just hope that the damage has not already been done.


For all the latest updates from us, you can sign up to receive regular updates from us directly in your inbox.


You may also like to check out:
20 Technological Sins That You Must Not Commit