Russian hackers may have compromised more than 6.5 million passwords for the business-oriented social networking site LinkedIn.
On its Twitter account, LinkedIn said it was not able to confirm if the passwords were stolen pending the results of an investigation. “We’re still unable to confirm that any security breach has occurred,” it said.
However, security firm Sophos said a file of 6,458,020 “unsalted” password hashes using the SHA-1 algorithm was published on the Internet, with hackers trying to crack them. It said some of those include LinkedIn accounts.
Passwords for logins generally use hashes, algorithms that disguise and secure the password. “Salting” adds a string of random characters to the password before it is hashed to increase complexity, strengthening security against common practices used to crack passwords.
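The difference between the two storage schemes can be seen in a short Python sketch, added here as an illustration and not taken from the article or from LinkedIn's systems. The account names, passwords and iteration count are constructed assumptions, and PBKDF2-HMAC-SHA256 is one common choice of salted, deliberately slow hash.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def unsalted_sha1(password: str) -> str:
    """The weak scheme: a bare SHA-1 digest of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash. Returns (salt, derived_key) to store per account."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)

def duplicate_groups(stored: Dict[str, str]) -> List[List[str]]:
    """Group accounts whose stored values are byte-for-byte identical."""
    by_value: Dict[str, List[str]] = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)

# Constructed sample accounts: two users picked the same password.
SAMPLE = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}

def demo() -> Tuple[List[List[str]], List[List[str]]]:
    unsalted = {u: unsalted_sha1(p) for u, p in SAMPLE.items()}
    salted = {}
    for user, password in SAMPLE.items():
        salt, key = hash_password(password)
        salted[user] = (salt + key).hex()
    # Without a salt, equal passwords produce equal stored values, so one
    # recovered password exposes every account sharing it. With a per-account
    # salt, each stored value is unique and must be attacked separately.
    return duplicate_groups(unsalted), duplicate_groups(salted)

if __name__ == "__main__":
    unsalted_dupes, salted_dupes = demo()
    print("unsalted duplicates:", unsalted_dupes)
    print("salted duplicates:  ", salted_dupes)
```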
“Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” the firm posted on its site.
“Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.”
The breach was originally reported by Norwegian website Dagens IT.
Of the stolen passwords, approximately 300,000 are said to have been cracked by hackers, reported The Next Web, which recommended that users change their passwords regardless of whether they have been affected.
LinkedIn is one of the most popular social networking sites, with more than 150 million users.
The possible security breach comes a day after mobile security researchers found that LinkedIn’s mobile app was able to access the meeting notes of subscribers.
“The app doesn’t only send the participant lists of meetings; it also sends out the subject, location, time of meeting and more importantly personal meeting notes, which tend to contain highly sensitive information such as conference call details and passcode,” Skycure Security researcher Adi Sharabani wrote on its blog.