Reports of 6.4 Million Stolen LinkedIn Passwords
- Wednesday, June 6, 2012, 6:44
- Threat Research
LinkedIn is investigating reports that approximately 6.4 million user
passwords have been posted on the Web. While the breach is still
unconfirmed by LinkedIn (as of the time that we wrote this blog), they
have acknowledged on their Twitter feed that their investigations have begun.
If you're a LinkedIn user, Websense® Security Labs recommends that
you change your password immediately to help prevent your password from
falling into the wrong hands.
After retrieving the password files that are being distributed on
forums in the .ru TLD space, it appears that the passwords are
hashed. However, based on samples seen by us, it is easy to translate
them into clear text. Our initial investigations reveal that a password
of "linkedin" features heavily.
It is uncertain how the hackers retrieved the stolen passwords;
however, the passwords that users are finding in the hashed files do
appear to be real.