LinkedIn on Tuesday confirmed reports that some of its users’ passwords have been compromised.
Early on Tuesday, reports surfaced that approximately 6.5 million LinkedIn passwords had been compromised and posted online. After initially not admitting to any security breach, the company announced later in the day that some of the passwords are indeed linked to user accounts. “We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” LinkedIn Director Dave Silveira wrote in a blog post. “We are continuing to investigate this situation.”
LinkedIn has automatically invalidated the passwords of impacted users, and the company says it will email users whose passwords were compromised to notify them of the situation. The company warns users not to update passwords via links sent in any emails.
In addition, LinkedIn says it has “just recently” put into place additional security features for its passwords, including hashing and salting all of the company’s password databases. Salting is a process that adds user-specific information to each password before it is hashed, making the stored hashes more difficult to crack.
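To illustrate the salting described above, here is an added example (not LinkedIn's code and not part of the original article) that stores passwords with a random per-user salt, next to an unsalted hash for comparison. The sample accounts, function names, the choice of PBKDF2 and its parameters are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def unsalted_digest(password: str) -> str:
    """Fast, unsalted hash: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str) -> dict:
    """Build the record to store: a fresh random salt plus the derived key."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "key": key.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(key, bytes.fromhex(record["key"]))


def shared_password_groups(stored: dict) -> list:
    """Group usernames whose stored value is identical, as a leaked table would reveal."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts; two users picked the same password.
SAMPLE = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "t7#Lq9vZ"}


def demo():
    """Return (groups visible without salt, groups visible with salt, salted records)."""
    unsalted = {u: unsalted_digest(p) for u, p in SAMPLE.items()}
    salted = {u: create_record(p) for u, p in SAMPLE.items()}
    salted_keys = {u: r["key"] for u, r in salted.items()}
    return shared_password_groups(unsalted), shared_password_groups(salted_keys), salted
```

Without a salt, the two accounts that share a password are stored identically, so one recovered password exposes both; with per-user salts every stored value differs and each must be attacked separately.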
“We sincerely apologize for the inconvenience this has caused our members,” Silveira wrote in the blog post, and added that the company is continuing to investigate the situation. The company has posted detailed instructions on how to change your LinkedIn password and some suggested best practices for password management.
[Network World staff writer Brandon Butler covers cloud computing and social collaboration.]