Professional networking site LinkedIn has experienced a major data breach that has compromised the passwords of more than 6 million of its members.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation,” wrote LinkedIn engineer Vicente Silveira on the company blog.
LinkedIn adds that members whose accounts are associated with the compromised passwords will notice that their LinkedIn account password is no longer valid. They will also receive an email from LinkedIn with instructions on how to reset their passwords. Users who follow this step and request password assistance will receive an email from LinkedIn with a password reset link. The affected members will also receive a second email from the LinkedIn customer support team, providing a bit more context on the situation.
LinkedIn has more than 161 million members worldwide, with 61 percent of its membership located outside the United States.
Based on the analysis of the type of information stolen and quantity of data posted on forums, Marcus Carey, security researcher at Boston-based Rapid7, said that the attackers had most likely been inside LinkedIn’s network for at least several days.
“If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time,” Carey added.
News of the LinkedIn data breach surfaced on Wednesday when computer security experts discovered files with some 6.4 million encrypted passwords on underground websites where criminal hackers frequently exchange stolen information.
Graham Cluley, a senior technology consultant with British computer security software maker Sophos, said that it is not yet clear if all of those passwords belong to LinkedIn members.