Russian hacker leaks 6.5 million LinkedIn account passwords on cybercrime forum



6.5 million passwords posted online

'Teams' of hackers working together to mine information

Major security risk for users who share passwords across several accounts
Security experts urge users to change passwords now
 

Around six million users of the social networking site LinkedIn have had their accounts hacked and their passwords stolen, according to technology experts.

The website, popular with businessmen and women, is investigating claims that a file containing 6.5 million encrypted passwords was published on a Russian hackers’ web forum.

Experts are now advising users to change their passwords on LinkedIn and other websites for which they use the same password.

They also warn that the stolen passwords are probably already in the hands of criminals if the security breach is genuine.

LinkedIn has more than 160 million users in 200 countries and nine million in the UK.

Graham Cluley, of internet security firm Sophos, said he believed the breach was genuine and warned that the passwords were now likely to be in the hands of criminals.

He added: ‘We’ve confirmed there are LinkedIn passwords in the data. We did this by searching through the data for passwords that we at Sophos use only on LinkedIn. We found those passwords in the data. We also saw that hundreds of the passwords contain the word Linkedin.


‘Our advice is to change your LinkedIn password. And if you use the same password on other accounts, change it there too.’

Per Thorsheim, the internet security expert who first raised the alarm, said that the number of users who may have had their passwords stolen is likely to be around 6.5 million.

The news comes after LinkedIn was forced to change its policies following accusations of a privacy breach discovered by web security researchers.

The problem concerned a mobile app which sent unencrypted calendar entries, such as phone numbers and passwords for conference calls, to LinkedIn servers without the users’ knowledge.

On Tuesday a hacker with the username ‘dwdm’ appealed for help on the Russian hackers’ forum to decrypt the files and access the original passwords.

By yesterday morning, hackers claimed to have revealed hundreds of thousands of passwords.

Although LinkedIn does not contain a wealth of personal data like other social networking sites such as Facebook, there is a risk that confidential information could be stolen.

LinkedIn members who use the same password for other websites could also be at risk of having other personal data stolen, including bank details.

A spokesman for LinkedIn said: ‘Our team continues to investigate, but at this time we’re still unable to confirm that any security breach has occurred.’