LinkedIn passwords 'leaked by hackers'
social networking site linkedln is investigating claims that over six million of its users' passwords have been leaked onto the internet.Hackers posted a file containing encrypted passwords onto a Russian web forum.
They have invited the hacking community to help with decryption.
LinkedIn, which has over 150 million users, has not released a formal statement, but tweeted: "Our team is currently looking into reports."
Later, it added: "Our team continues to investigate, but at this time we are still unable to confirm that any security breach has taken place."
Security researcher Graham Cluley told the BBC he believed the breach was genuine.
"We've confirmed there are LinkedIn passwords in the data.
"We did this by searching through the data for (hashed) passwords that we at Sophos use only on LinkedIn. We found those passwords in the data. We also saw that hundreds of the passwords contain the word 'Linkedin'.
"Our advice is to change your LinkedIn password. And if you use the same password on other accounts, change it there too."
Privacy concern The news comes as LinkedIn was forced to update its mobile app after a privacy flaw was uncovered by security researchers.
Continue reading the main story
What to doSecurity experts have advised users to change their passwords on LinkedIn. Here's how:
- Visit www.linkedin.com, and log-in with your details
- Once logged-in, hover over your name in the top right-hand corner of the screen, and select 'Settings' from the menu
- You may be asked to log-in again at this point
- On the next screen, click the 'Account' button which is near the bottom of the page
- Under the 'Email & Password' heading, you will find a link to change your password
Skycure Security said the the mobile app was sending unencrypted calendar entries to LinkedIn servers without users' knowledge.The information included meeting notes, which often contain information such as dialling numbers and passcodes for conference calls.
In response LinkedIn said it would "no longer send data from the meeting notes section of your calendar".
The company stressed that the calendar function was an opt-in feature.