LinkedIn is the social network of choice for professionals who are looking to connect with others and find a better job in the process. The site boasts over 150 million members who use the network to exchange information, ideas, and opportunities.
Now a portion of those users might be in danger of having had their passwords compromised. A representative from the group responsible for the hack went on a Russian forum, and after claiming to have downloaded 6.46 million LinkedIn password hashes, reached out to other hackers to help crack the passwords in the 271MB file.
A number of other hackers responded to the request, and a short time later, over 300,000 of the password hashes had already been cracked. The hashes, which were unsalted SHA-1, are not particularly difficult to crack. LinkedIn confirmed the attack a few hours later, saying that it had suffered a breach which led to the data being downloaded. However, it didn't offer an explanation as to how the data was accessed.
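Why unsalted SHA-1 is a weak way to store passwords, shown next to a hardened form, as an added example that is not LinkedIn's code or part of the original article. The account names and passwords are constructed, and scrypt is one reasonable replacement chosen here, not something the article prescribes.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample accounts (not from the leak); two users share a password.
USERS = {"alice": "spring2012", "bob": "spring2012", "carol": "T4lk-to-me!"}


def sha1_unsalted(password: str) -> str:
    """Storage scheme the article describes: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def scrypt_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened form: random per-user salt plus a memory-hard KDF."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, key


def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_record(password, salt)[1], key)


def distinct_values(table: dict) -> int:
    """Number of separate stored values needed to cover every account."""
    return len(set(table.values()))


# The same three accounts stored both ways.
weak_table = {user: sha1_unsalted(pw) for user, pw in USERS.items()}
strong_table = {user: scrypt_record(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    # Unsalted: alice and bob share one digest, so one guess covers both,
    # and the same digest is valid against every other leaked table.
    print("unsalted SHA-1 distinct values:", distinct_values(weak_table))
    # Salted scrypt: every record is unique and each guess costs ~16 MiB of work.
    print("salted scrypt distinct values: ", distinct_values(strong_table))
    print("login check still works:", verify("spring2012", *strong_table["bob"]))
```

With no salt, a digest computed once for a candidate password matches every account that chose it, which is why a leaked table of this kind yields so many passwords so quickly.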
Some security researchers took to Twitter to talk about the leak, with one even offering sample passwords from the massive lot.
Some sample passwords from the alleged LinkedIn password leak: nathanlinkedin linkedintrouble hondalinkedin eaglelinkedin springlinkedin. More sample passwords from the alleged LinkedIn password leak: san!francisco! salasanalinkedin wwwLinkedIn B1uesC1ues T1msux! M4nu3l.
-- Mikko Hypponen, F-Secure's Chief Research Officer
Although the leak affects less than 5% of LinkedIn's entire user base, every member of the site is advised to change their password as soon as they possibly can. If you use the same password on your other accounts, make sure to update those accounts as well.