Skip to main content

LinkedIn confirms hack that leaked customer passwords

LinkedIn has confirmed that hackers gained access to some of the enterprise social network's passwords.

Affected members will receive an email with instructions on how to reset their passwords; current passwords will not work. They will also receive an email with more information on what happened.

"We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts", LinkedIn director Vincente Silveira wrote in a blog post. "We are continuing to investigate this situation".

The company did not confirm how many passwords were involved, though it reportedly affected about six million of LinkedIn's 161 million users. Silveira said all of its members benefit from "enhanced security we just recently put in place, which includes hashing and salting of our current password databases". That basically makes it a bit harder for the hackers to decipher the passwords, though not impossible.

"We sincerely apologise for the inconvenience this has caused our members", Silveira wrote. Earlier today, it was reported that a user in a Russian forum uploaded 6,458,020 hashed LinkedIn passwords. It's unclear if usernames were involved. Later in the day, Ars Technica reported that a list of about 1.5 million passwords appeared to include users of dating website eHarmony.

"A statistically significant percentage of users regularly pick passcodes that identify the site hosting their account. At least 420 of the passwords in the smaller list contain the strings 'eharmony' or 'harmony'", Ars said.