LinkedIn probe over 'hacking'

Social networking website LinkedIn has launched an investigation after reports more than six million users passwords were posted online.

Last.fm is latest social network to investigate password 'leak'

Last FM posted a security update on its website today. Credit: Last.fm/passwordsecurity

Last.fm has become the latest social network to reveal it is investigating the leak of some of its users' passwords.

A message posted on its website today has urged account holders to log in and change password as a precautionary measure.

The music streaming and statistics service had 30 million active users in March 2009.

'Phishing' scammers target LinkedIn users following password hack

'Phishing' scammers often claim to be official sources to trick people into revealing personal details. Credit: Clive Gee/PA Wire

Internet scammers have targeted LinkedIn users likely to be concerned about their account security following yesterday's claims that as many as six million passwords had been stolen by hackers.

Emails, such as this one seen by the BBC, claiming to be from "The LinkedIn Team" were sent to users asking them to confirm their email address by clicking a link.

But the BBC says the link only took recipients to a website selling 'counterfeit drugs'.

Advertisement

Security firm: LinkedIn users should change passwords 'as a precautionary step'

Millions of users of the social networking site LinkedIn have been told to reset their passwords after security information was stolen.

IT security and data protection firm Sophos said the leaked encrypted data does not include associated email addresses but warned that hackers will be working to crack the "unsalted" password hashes and "it is reasonable to assume that such information may be in the hands of the criminals".

It would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step.

"Of course, make sure that the password you use is unique - in other words, not used on any other websites - and that it is hard to crack.

"If you were using the same passwords on other websites, make sure to change them too. And never again use the same password on multiple websites."

– Graham Cluley, senior technology consultant at Sophos

LinkedIn security tips

Social networking website LinkedIn has provided these security tips following the reported theft of almost 6.5 million passwords. See the full statement here.

  • Never change your password by following a link in an email
  • Change your account passwords every few months
  • Don’t use the same password on all the sites you visit
  • Don’t use a word from the dictionary
  • Never give your password to others or write it down

LinkedIn confirms 'accounts compromised' by theft

LinkedIn has provided an update on the reported theft of almost 6.5 million passwords. The social media website said it is "continuing to investigate" but that it has put measures in place for "the compromised accounts". A statement said:

We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously.

Users affected by the theft will find that their password is no longer valid. They will receive an email explaining how to reset their passwords, but are warned not to do this by following any links in emails. LinkedIn did not say how many accounts were compromised.

LinkedIn users warned about spam emails

Experts are advising LinkedIn users to watch out for scam emails that appear to be from the social networking site.

Adrian Chen from the Gawker website said the spam emails are likely to be slightly different in appearance. You should not give away any login details.

Tw_2011_normal

First change your LinkedIn password. Then prepare for scam emails about Linkedin password changes, linking to phishing sites. Will happen.

Adrian_normal

Warning: LinkedIn was hacked. Be on the lookout for spam emails that are slightly different than the spam emails LinkedIn usually sends.

Users have also been advised to change their password to something unique, that they are not using on any other website. The nakedsecurity blog provides a guide on how to do this.

Advertisement

'LinkedIn password theft did not include email addresses'

A consultant at IT security and data protection firm Sophos has said that the leak of six million passwords from LinkedIn does not include the associated email addresses.

But he warned that it is "reasonable to assume that such information may be in the hands of the criminals". He advised the following:

All LinkedIn users [should] ... change their passwords as soon as possible as a precautionary step. Of course, make sure that the password you use is unique - in other words, not used on any other websites - and that it is hard to crack.

– Graham Cluley, senior technology consultant at Sophos

LinkedIn users advised to change password

Social networking website LinkedIn has advised its users to "stay tuned" while it investigates reports that more than six million passwords have been stolen.

Twitterbg_linkedin_icon_normal

Our team is currently looking into reports of stolen passwords. Stay tuned for more.

Twitterbg_linkedin_icon_normal

Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred. Stay tuned here.

Internet experts have advised users to change their security details immediately after a file containing 6.5 million passwords was posted online.