NEW YORK (CNNMoney) -- Russian hackers released a giant list of
passwords this week, and on Wednesday security researchers identified
their likely source: business social networking site LinkedIn.
LinkedIn confirmed in a blog post late Wednesday afternoon that some of the stolen passwords correspond to LinkedIn accounts.
The company did not offer any information about how the passwords were stolen or the extent of the damage, but it said it is "continuing to investigate" the matter.
The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It's a format that's considered weak if added precautions aren't taken. Roughly half of the "hashed" passwords have already been decoded and posted online in human-readable text.
Several security researchers tweeted Wednesday that they have found their passwords among those that were revealed. Web security firm Sophos said it matched many of its researchers' own passwords that are used exclusively on LinkedIn.
Countless passwords on the list contain the word "linkedin." On a popular hacker forum, many reported finding passwords such as "linkedout," "recruiter," "googlerecruiter," "toprecruiter," "superrecruiter," "humanresources" and "hiring."
LinkedIn confirmed in a blog post late Wednesday afternoon that some of the stolen passwords correspond to LinkedIn accounts.
The company did not offer any information about how the passwords were stolen or the extent of the damage, but it said it is "continuing to investigate" the matter.
The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It's a format that's considered weak if added precautions aren't taken. Roughly half of the "hashed" passwords have already been decoded and posted online in human-readable text.
Several security researchers tweeted Wednesday that they have found their passwords among those that were revealed. Web security firm Sophos said it matched many of its researchers' own passwords that are used exclusively on LinkedIn.
Countless passwords on the list contain the word "linkedin." On a popular hacker forum, many reported finding passwords such as "linkedout," "recruiter," "googlerecruiter," "toprecruiter," "superrecruiter," "humanresources" and "hiring."
Comments
Post a Comment