LinkedIn confirms hacker uploaded over 6.4 million LinkedIn passwords

Over 6.4 million user passwords may be at risk
Over 6.4 million user passwords may be at risk

Your online job resume may not be so secure, with business networking site LinkedIn confirming that user passwords were stolen and uploaded online.

A file containing 6,458,020 hashed user passwords appeared on a Russian forum earlier today. The file did not contain any usernames with the passwords and it is unknown whether that information was obtained as well.

LinkedIn investigated the file and in a blog post confirmed that it contains actual user passwords.

"We want to provide you with an update on this morning's reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts."

The passwords in the uploaded file are stored as unsalted SHA-1 hashes. While SHA-1 is generally a secure algorithm, it can still be decrypted.

The password hashes also lack an extra layer of encryption that is provided by salting, which helps to protect against common hacking attempts from a list of likely passwords, known as a dictionary attack.

Are you at risk?

LinkedIn has taken three steps in response to the attack.

First, effected passwords have been invalidated. This means that users whose passwords are part of the file will have a prompt to change their password next time they sign in to LinkedIn.

Second, an email has been sent out to those users explaining the password reset process. LinkedIn notes that these emails will not include any links, and will have users requesting password assistance to ensure that uses distinguish it from potential scams due to the stolen passwords.

Finally, those users will receive a second email further explaining the situation regarding why their password needs to be reset.

LinkedIn also confirmed that it has put in place new security measures that include salting and hashing its existing password databases.

For help coming up with a new password, check out our guide on how to make your password more secure.

Latest in Cyber Crime
A person scanning a QR code on a smartphone
Quishing is the new QR code scam you need to watch out for – here's how to stay safe
Ransomware on the rise: how small and medium-sized businesses can achieve cyber resilience during turbulent times
Ransomware on the rise: how small and medium-sized businesses can achieve cyber resilience during turbulent times
Text Phishing Scams
Do not fall for this dangerous Amazon shopping scam
Cyber-security
Safeguarding against next-gen cyber risks
The North Face jacket
Thousands of North Face customers accounts hacked, personal data stolen
Smartphone hacked with data flow in the background
9 signs your phone has been hacked
Latest in News
Group of people meeting
Inflexible work policies are pushing tech workers to quit
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
Youtube
YouTube Premium could be getting a new time-saving perk, showing you recommended videos directly in your playback queue
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools