Russian Hacker May Have Passwords
June 06, 2012
There’s a rumor that over 6.5 million LinkedIn paswords have been leaked to a Russian hacker forum. LinkedIn reported on Twitter this morning they are investigating the reports now. For security purposes please change your password ASAP.
The data was said to be posted on an online Russian hacker forum.
In numerous Twitter messages, LinkedIn told its members that it’s investigating the breach reports, and that it can’t yet confirm that hacker had accessed the site.
One said: “Our team is currently looking into reports of stolen passwords. Stay tuned for more.”
The fact that the passwords have been hashed using straight SHA-1 makes them somewhat easy to crack using brute force methods, he said.
Many of the 300,000 or so passwords that have already been posted in clear text online were cracked using a password cracking tool called John the Ripper, Carey said.
Users should immediately change their passwords, and keep a close eye on updates on the incident from LinkedIn, he said.
If it turns out that the hackers still have access to the database, LinkedIn users may need to change their passwords again, he said.
For more detail please see this security website