Published June 06, 2012
Developing: LinkedIn (LNKD) said on Wednesday some of its users' passwords were compromised following reports that a list of 6.5 million passwords surfaced on the Internet.
LinkedIn did not specify how many accounts were represented on the list, and a spokesperson declined to comment specifically on the question. The Mountain View-based company said that its investigation is ongoing and that members who have had their passwords compromised will receive an e-mail with instructions on creating a new one. The company also provided users with a list of best practices to craft and protect passwords.
It was not immediately clear whether hackers were able to obtain access to specific user accounts.
The list contains passwords in the form of hashes, Beth Jones, senior threat researcher at IT security company Sophos, said in an e-mail. These hashes are long, scrambled strings of letters and numbers that companies use to add an extra layer of protection to certain data when it is stored.
In order for hackers to unscramble them, they utilize specialized software and pre-computed lists, Jones said. As a result of this technology, Jones said, it is likely that passwords that are easy to guess or use dictionary words have already been "cracked with little effort."
However, the list reviewed by Sophos did not contain associated usernames or e-mail addresses, meaning that unless hackers had another list, it would be difficult to directly tie the passwords to specific accounts. However, Jones cautions that with all of the details still fuzzy, it is impossible to say whether there is another list that is yet unseen that contains the usernames.
Still, there is a risk that even if the passwords can't directly enable hackers to access LinkedIn accounts, they can be used by hackers to create a "massive list for brute force attacks," Jones said. That means that when hackers are looking to unlock other accounts across the Internet, they may have 6.5 million sets of fresh keys to try out, speeding up the hacking process.
Shares of LinkedIn shed morning gains and eased 0.4% in afternoon trading on the New York Stock Exchange.