LinkedIn passwords leaked online. Have you changed your password?


LinkedIn, the professional social networking site, has confirmed reports of a security breach that leaked password information of up to 6.5 million users.

On Monday, the leaked passwords were posted on a Russian online forum. The passwords were not posted in plain text; they were obscured with the cryptographic hash function called SHA-1.

LinkedIn confirmed the reports of the password leak on their blog today, and encouraged users to change their passwords. If you haven't changed your password, do it now.

What is LinkedIn doing for those who have had their passwords leaked?

From the LinkedIn blog:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.

2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.

3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.



LinkedIn has also noted that it is taking additional steps to protect users by adding security to its password database.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases. - Via LinkedIn blog


What's all this talk of hashing and salting, you may ask? What does it mean when someone asks if you have salted your password?

Put away that Morton salt, because that isn't what we are talking about here.

Password hashing
Hashing is the process of converting a piece of data into a relatively short piece of data such as a string or an integer. LinkedIn stored its passwords as hashes computed with the 160-bit Secure Hash Algorithm (SHA-1); strictly speaking this is hashing, not encryption, because a hash is not designed to be reversed. This method is usually secure, but only if the hashes are "salted."

Image: Please, pass the salt.

Salting and rainbows
Salt is extra data mixed in with the password during the hashing process to make the resulting hash more difficult to crack. Salting helps prevent the hashes from being looked up in a list of pre-computed hashes, also known as a rainbow table.
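
The difference between the two storage schemes, as an added example (not code from LinkedIn or from the original post): it compares unsalted SHA-1 records with salted ones against a pre-computed list. The wordlist, the user names, the iteration count and the use of PBKDF2-HMAC-SHA256 are assumptions of the example, which goes slightly beyond the text by pairing the salt with a deliberately slow hash.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a pre-computed list of common passwords.
WORDLIST = ["123456", "password", "linkedin", "letmein"]
ITERATIONS = 100_000  # illustrative work factor, an assumption of this example

def unsalted_sha1(password):
    """Storage scheme the article describes for the leaked hashes."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)

def precompute(hash_fn):
    """Hash every wordlist entry once, giving a hash -> password lookup."""
    return {hash_fn(word): word for word in WORDLIST}

def audit():
    # Unsalted: one table, built once, matches every user with a listed password.
    table = precompute(unsalted_sha1)
    alice, bob = unsalted_sha1("linkedin"), unsalted_sha1("linkedin")
    # Salted: same password, different salts, so different stored records.
    salt_a, dig_a = salted_hash("linkedin")
    salt_b, dig_b = salted_hash("linkedin")
    # A table computed under Alice's salt does not apply to Bob's record.
    table_a = precompute(lambda w: salted_hash(w, salt_a)[1])
    return {
        "unsalted_equal": alice == bob,
        "unsalted_lookup": table.get(alice),
        "salted_equal": dig_a == dig_b,
        "salt_a_table_hits_alice": table_a.get(dig_a),
        "salt_a_table_hits_bob": table_a.get(dig_b),
        "login_ok": verify("linkedin", salt_b, dig_b),
        "login_bad": verify("letmein", salt_b, dig_b),
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

With unsalted hashes, two users who pick the same password have identical records and one list covers the whole database; with a per-user salt, any pre-computation has to be repeated for every account.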

Image: Wrong kind of rainbow table.

So what can all of us learn from this? Make sure you have strong passwords, and have different passwords for all your accounts. If you used the same password for other accounts, it would be wise to change those passwords as well.

Sources: CNN.com, LinkedIn.com, TechBlog

Photo credits: nan palmero, _nickd, dugspr