Security compromised: 6.4 million LinkedIn passwords stolen

A user on a Russian forum has claimed to have downloaded 6.46 million user hashed passwords from LinkedIn.

It looks as though some of the weaker passwords — around 300,000 of them — may have been cracked already. Other users have been seen reaching out to fellow hackers in an apparent bid to seek help in cracking the encryption.

Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses also, though they appear encrypted and unreadable.

Very popular social networking site LinkedIn are currently running through a massive cyber attacks. It has been allegedly reported that more than six million passwords belonging to LinkedIn users have been compromised among them more than 300,000 passwords has already been cracked and published as plain text. A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them.  

LinkedIn has confirmed that it is investigating the incident. In the meantime, several reputable sources have said that they have found their LinkedIn passwords in that list; it can therefore be assumed that the social network's operator actually does have a problem.

Pages are already appearing on the internet that prompt you to enter your password to verify whether you are affected; these are phishing sites. It is also expected that there will be waves of spam email soon which will call for you to change your password with a link to a LinkedIn-impersonating phishing site. Instead of following these links, either enter the LinkedIn URL yourself (linkedin.com) or use a stored bookmark to visit the social network and change your password.