Should you be worried by stolen LinkedIn passwords?

News

Should you be worried by stolen LinkedIn passwords?

A hacker has posted 6.5 million encrypted passwords from LinkedIn on the internet.

Sophos researchers have confirmed that the file posted on a Russian web forum contains LinkedIn passwords.

Hackers are working together to decrypt them.  

Although the data released so far does not include associated e-mail addresses, it is reasonable to assume such information could be in the hands of the criminals, Sophos said.

It is believed the data is encrypted using SHA-1. In 2010 a hacker proved it was possible to crack an SHA-1 encrypted file in 45 minutes. 

However, on the Naked Security blog, Sophos researcher Paul Ducklin noted that to crack a relatively small number of real-world passwords would cost nearly $2,000 of Amazon EC2 compute time.

So should LinkedIn users be worried?  “It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step,” said Graham Cluley, senior technology consultant at Sophos.  

"Of course, make sure the password you use is unique – in other words, not used on any other websites – and that it is hard to crack.  

"If you were using the same passwords on other websites - make sure to change them too.  

"And never again use the same password on multiple websites."


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy