Hackers have struck big time yet again!
On Wednesday night, hackers broke into LinkedIn, the popular 161 million member strong social networking site and stole some 6.46 million encrypted passwords, and possibly the associated user names as well. The leak first came to light when the hackers claimed to have done the deed in an online forum and then substantiated the claim by uploading 6,458,020 passwords.
LinkedIn has confirmed the security breach but has refused to divulge further details, and is apparently still investigating the matter. For all we know, the attack might still be in progress.
LinkedIn used to encrypt passwords by scrambling, using the standards available in Secure Socket Layer (SSL) and Transport Layer Security (TLS.) This provides high security, but is not 100 percent foolproof. However, the compromised passwords were in all probability not salted, making it easy for the hackers to decipher the encryption formula. This development incidentally comes at a time when LinkedIn was already facing flak for storing users’ calendar entries in their servers and thereby violating privacy.
As an immediate step, LinkedIn has beefed up security measures, by hashing and salting current password databases. It plans to send out detailed mails to the affected members in future, but as of now only an apology is on offer.
In the meantime, the sure sign to tell if you are among the ones affected is to try logging in. Members with compromised passwords will find that their passwords are no longer valid. Security professionals advise all LinkedIn users to change passwords, and also the passwords of other accounts, when using the same password for multiple accounts.