Professional social network LinkedIn confirmed earlier rumblings that a portion of its members’ passwords leaked online. The company announced the news in a recently updated blog post.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” LinkedIn Director of Engineering Vicente Silveira wrote in the post, adding that the company is “continuing to investigate this situation.”
The security breach is due to an exploit in the way LinkedIn’s mobile app handles a user’s calendar data, as VentureBeat previously reported. A hacker was able to steal and publish around 6.5 million hashed passwords from the company using the exploit, which was flagged after someone requested help deciphering the hashed password data this morning.
LinkedIn indicated that not all users are at risk of having their account information compromised. The company outlined the next few steps it’s taking to minimize the damage, as pasted below:
1) Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
2) These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
3) These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
If you were among the five percent of LinkedIn users affected by this leak, feel free to email us the full explanation (we’ll credit you!). It’s also probably a good idea to change your password not only on LinkedIn, but also on any other site or service where you’ve used the same password. While it’s understood that the leaked data only contained passwords (and not the email addresses associated with those passwords), you’re better off safe than sorry.
I was going to make a crack about how one particular portion of the population is more susceptible to getting their data compromised, but then I remembered that we’re all idiots when it comes to passwords.
Photo via Pedro Miguel Sousa/Shutterstock