Bad news for LinkedIn users. Hackers have managed to gain access to more than six million LinkedIn passwords, and have leaked them to the Internet.
Acknowledging the security breach, LinkedIn said that affected users will be notified via an e-mail with instructions on how to reset their passwords. The current passwords won't work. Also, the affected members will get another mail from LinkedIn's Customer Support team, which will provide more information on the situation and why users have been asked to change their passwords.
"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," LinkedIn director Vincente Silveira wrote in a blog post. "We are continuing to investigate this situation."
LinkedIn, however, did not reveal how many profiles have been compromised. According to The Verge, more than six million users affected. LinkedIn's Silveira points out that affected users who will update their passwords and users whose passwords haven't been compromised will be benefit from the “enhanced security” the network recently put in place, which features hashing and salting of current password databases.
"We sincerely apologize for the inconvenience this has caused our members," Silveira further wrote. Silveira has posted another blog on updating password and other account security best practices.
Earlier, a user in a Russian forum uploaded 6,458,020 hashed LinkedIn passwords. According to reports, LinkedIn did not follow best practices to secure the passwords. The leaked passwords were encrypted with the SHA-1 cryptographic hash, mainly used in SSL and TLS. The passwords were stored as unsalted hashes, which made much easier to decode them using pre-computed rainbow tables.
LinkedIn is one of the biggest professional networks with 161 million users across 200 nations. India is the second largest LinkedIn nation, with a user base of 14 million.