11 Jun 2012
Story image

No accounts breached after password hack: LinkedIn

By Mike Borgfeldt

Professional networking website LinkedIn has posted an update on the password breach it suffered last week, assuring users that no member accounts were accessed as a result, despite the open publishing of many users’ decoded passwords.

The stolen passwords – said to number around 6.5 million – were published online on Thursday, causing the LinkedIn security team to promptly disable the passwords of ‘those members whom we believed were at risk’.

"By the end of Thursday, all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled,” writes LinkedIn’s Vicente Silveira in a post on the company blog.

"It’s important to know that compromised passwords were not published with corresponding email logins... thus far, we have no reports of member accounts being breached as a result of the stolen passwords.”

All members whose passwords were disabled were sent emails with instructions on how to re-set their passwords. People whose passwords weren’t disabled were not deemed to be at risk, although Silveira adds that changing passwords every few months is ‘good practice’.

In an infographic posted on Mashable, data protection company Rapid7 lists the results of its analysis of the stolen passwords, showing that plenty of people are still using common passwords like 12345.

Interestingly, the analysis also showed many people’s passwords related to the purpose of the site, such as ‘work’, ‘job’ and ‘connect’. Other common themes were religion, such as ‘god’, ‘jesus’ and ‘angel’, and swear words.

Recent stories
More stories