The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!
Professional social network LinkedIn confirmed earlier rumblings that a portion of its members’ passwords leaked online. The company announced the news in a recently updated blog post.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” LinkedIn Director of Engineering Vicente Silveira wrote in the post, adding that the company is “continuing to investigate this situation.”
The security breach is due to an exploit with the way LinkedIn’s mobile app handles a user’s calendar data, as VentureBeat previously reported. A hacker was able to steal and publish around 6.5 million hashed passwords from the company using the exploit, which was flagged after someone requested help deciphering the encrypted password data this morning.
LinkedIn indicated that not all users are at risk of having their account information compromised. The company outlined the next few steps its taking to minimize the damage, as pasted below:
- 1) Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- 2) These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
- 3) These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
If you were among the five percent of LinkedIn users affected by this leak, feel free to email us the full explanation (we’ll credit you!). It’s also probably a good idea to change your password on not only LinkedIn, but any other site or service that you’ve used the same password. While it’s understood that the leaked data only contained passwords (and not the email addresses associated with those passwords), you’re better off safe than sorry.
I was going to make a crack about how one particular portion of the population is more susceptible to getting their data compromised, but then I remembered that we’re all idiots when it comes to passwords.
Photo via Pedro Miguel Sousa/Shutterstock
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more