Beaches Not Breaches

Beaches Not Breaches

LinkedIn: Ugh Okay Fine, Your Passwords Were Leaked

Mr. Hoffman cough-speaking an apology? (

After denying it for hours, professional social network LinkedIn has finally copped to the news we reported earlier today: yes, your password may have been leaked.

The company took to its blog a few moments ago with a post entitled “An Update on LinkedIn Member Passwords Compromised:”

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts….It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

Read More

Beaches Not Breaches

Time to Change Your LinkedIn Password, Folks

We hope NYSE doesn't reuse passwords. (

Bad news if, like so many of us, you’re bad about reusing passwords across the Internet. Many outlets are reporting a Russian hacker claims to have nearly 6.5 million encrypted user passwords. The Verge reports:

There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. Many of the hashes include “linkedin,” which seems to add credence to the claims.

They also talked to F-Secure’s chief research officer, Mikko Hypponen, who believes it’s real.

The passwords were encrypted as unsalted SHA-1 hashes. Translation: They’re encrypted, but they’re not as secure as they could be and if you’re using something like “dragons” or “password,” you should probably be worried.

LinkedIn has yet to confirm the breach. At 8:06 a.m, the company’s Twitter newsfeed said, “Our team is currently looking into reports of stolen passwords. Stay tuned for more.” At 10:18 a.m, the company followed up with, “Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here.”

Meanwhile, the tech talent over at Hacker News are already picking apart the file.

This story is developing and we’ll update as we learn more.

Now if you’ll excuse us, we’re off to make sure we haven’t been hacked six ways to Sunday.