Professional networking site LinkedIn suffered a major security breach on June 6th, 2012 that resulted in the theft of approximately 6.5 million user passwords. The stolen data was subsequently posted on a hacker website, and while a majority of the passwords were protected with secure hash algorithms, some have been cracked and published in plain text.
Dec 13, 2013
Last year's LinkedIn password hack shook the business-oriented social network to its core. Millions of usernames and passwords were published online in one of the largest security breaches ever. But where LinkedIn saw a PR nightmare and users saw a security concern, conceptual artist Aram Bartholl saw art.
Forgot Your Password is a set of eight books containing some 4.7 million passwords that were leaked in June 2012. Visitors to the exhibit, which has toured Europe and is currently residing in Bartholl's native Germany, are invited to look through the volumes to see if their password is inside. Each password is arranged alphabetically and presented without its linked username(s). In addition to the books, Bartholl has also exhibited a pair of prints called Private Password, which contain 10,000 passwords each.
Jun 11, 2012
Last week's breach at LinkedIn resulted in the leak of 6.46 million user passwords, but with some basic security measures in place it could have been avoided. The New York Times reports that "on a grading scale of A through F, experts say, LinkedIn, eHarmony and Lastfm.com would get, at best, a 'D' for password security" because the three sites — all of which were hacked last week — only took one step to secure user passwords. The article explains that an inexpensive way to securely store user data is to first hash the passwords, then to salt them, then to hash them again and store them on secure servers, but the three sites that were hacked last week only took the first step in this process. LinkedIn says that "prior to news" of the breach, the site began hashing and salting user passwords, but hopefully companies will take this step much sooner in the future.
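The gap between the single unsalted hash the three sites relied on and salted, repeated hashing, shown as an added example that is not from the original article or from any of the sites' code. It uses SHA-1 for the unsalted case and PBKDF2-HMAC-SHA256 from Python's standard library for the salted case (both are this example's choices, since the page names no algorithm), with constructed accounts and an assumed iteration count.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example

# Constructed sample accounts: two users share one password.
SAMPLE_USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}


def unsalted_digest(password: str) -> str:
    """One unsalted hash: the only step the article says the sites took."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_password(password: str) -> dict:
    """Per-user random salt plus many hash iterations (PBKDF2)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt.hex(), "rounds": PBKDF2_ROUNDS, "hash": derived.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["rounds"])
    return hmac.compare_digest(derived.hex(), record["hash"])


def shared_hash_groups(hashes: dict) -> list:
    """Groups of users whose stored hash values are byte-for-byte identical."""
    groups = {}
    for user, value in hashes.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def compare_schemes(users: dict = SAMPLE_USERS) -> dict:
    """Store the same accounts both ways and report which hashes collide."""
    unsalted = {u: unsalted_digest(p) for u, p in users.items()}
    records = {u: store_password(p) for u, p in users.items()}
    return {
        "unsalted_groups": shared_hash_groups(unsalted),
        "salted_groups": shared_hash_groups({u: r["hash"] for u, r in records.items()}),
        "records": records,
    }


if __name__ == "__main__":
    result = compare_schemes()
    print("same hash, unsalted:", result["unsalted_groups"])
    print("same hash, salted:  ", result["salted_groups"])
```

In a leaked unsalted table, every account with the same password shows the same hash, so one recovered password exposes all of them at once; with a per-user salt each record has to be attacked separately.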
Jun 7, 2012
LinkedIn: 'No email logins have been published' following password leak, law enforcement investigating
LinkedIn has yet to receive any reports of unauthorized account access after 6.5 million user passwords were posted online by hackers, the company said in a blog post today. Although the perpetrators managed to crack and reveal a "small set" of hashed passwords, LinkedIn hasn't seen any evidence indicating that the email addresses tied to those credentials have also been shared.
"To the best of our knowledge, no email logins associated with the passwords have been published," says Director Vicente Silveira. He adds that the professional networking site is now working with law enforcement to investigate the breach, a process we imagine has only intensified thanks to similar attacks carried out on other popular web destinations in the days since.
Jun 6, 2012
Reports started swirling this morning that more than six million users had their account passwords stolen, and now the company has confirmed the security breach with a post on its blog — though the company hasn't yet confirmed how many accounts were compromised.
Affected users will receive an email from LinkedIn with instructions on how to reset their password. This doesn't appear to be the standard password reset procedure, either — any affected user will automatically be locked out of their account, and the password reset email being sent by LinkedIn won't contain any links to the site. LinkedIn will also be sending affected members a second email from their customer service department detailing the circumstances behind the breach. We can't help but feel that all of the service's members deserve to know exactly what happened — they've entrusted their personal data to LinkedIn, regardless of whether their passwords were stolen or not.
Jun 6, 2012
A user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details. The user uploaded 6,458,020 hashed passwords, but no usernames. It's not clear if they managed to download the usernames, but it's likely that both have been downloaded. There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. Many of the hashes include "linkedin," which seems to add credence to the claims.
We spoke with Mikko Hypponen, Chief Research Officer at F-Secure, who thinks this is "a real collection." He told us he is "guessing it's some sort of exploit on their web interface, but there's no way to know. I am sure LinkedIn will fill us in sooner or later."