Author: CHUNG Yoon Ngan
Date: 06-07-12 04:57
LinkedIn confirms user passwords leak
June 7, 2012 - 9:14am http://www.chinadailyapac.com
Online business networking site LinkedIn's headquarters in California, the United States. (Photo by Agencies)
Professional social network LinkedIn on Wednesday confirmed earlier reports that it had been hacked and lost around 6.5 million passwords.
"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts," the company said in its official blog.
According to the blog post, the compromised passwords are no longer valid and members whose accounts are associated with those passwords will receive an email with instructions on how to reset their passwords.
Over the past three days, an unknown hacker has posted more than 8 million encrypted passwords on a Russian forum to request help cracking them.
Before LinkedIn confirmed the hack attack, several security professionals said that 6.5 million of the passwords belong to users of LinkedIn and another 1.5 million possibly belong to users of the popular dating site eHarmony.
The LinkedIn passwords the hackers got are encrypted codes that were converted from the original passwords with a cryptographic function called SHA-1.
Security experts said SHA-1 is considered weak, which makes the cracking job much faster, and that LinkedIn should have used a cryptographic "salt," another security layer that adds further complexity and difficulty to the cracking of passwords.
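The difference the experts describe can be seen in a short sketch, added here as an illustration and not taken from the article or from LinkedIn's code: unsalted SHA-1 stores the same value for every account that uses the same password, while a random per-user salt makes each stored value unique. The use of PBKDF2 as the slow function, the iteration count, the function names and the sample accounts are all assumptions of this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def unsalted_sha1(password):
    """Scheme described in the article: one fast SHA-1 pass, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hardened form: random per-user salt plus a slow, iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    _, _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


def accounts_sharing_a_hash(stored):
    """Count accounts whose stored value equals some other account's."""
    values = list(stored.values())
    return sum(1 for v in values if values.count(v) > 1)


# Constructed sample accounts (not data from the breach).
SAMPLE = {"alice": "Summer2012", "bob": "Summer2012", "carol": "correct horse"}


def compare_schemes(accounts=SAMPLE):
    """Return (duplicates under unsalted SHA-1, duplicates under salted KDF)."""
    weak = {u: unsalted_sha1(p) for u, p in accounts.items()}
    strong = {u: hash_password(p) for u, p in accounts.items()}
    return accounts_sharing_a_hash(weak), accounts_sharing_a_hash(strong)


if __name__ == "__main__":
    weak_dupes, strong_dupes = compare_schemes()
    print("accounts sharing a hash, unsalted SHA-1:", weak_dupes)
    print("accounts sharing a hash, salted PBKDF2:", strong_dupes)
```

With unsalted hashes, one guess checked against the whole dump settles every account that reused that password; with per-user salts each account has to be worked on separately, and the iteration count sets the cost of every guess.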
Meanwhile, if the hackers do not have the corresponding login names to the stolen passwords, it will be impossible for them to use these passwords to gain access to a particular account. But experts said it is safe to assume that the hackers also got the information and users should change their LinkedIn and eHarmony passwords immediately.