Millions of users’ passwords from LinkedIn have been stolen and posted online, it has emerged this week.
It is thought that around six million passwords from the social networking site for professionals have been compromised in a security breach by a poster on a Russian forum.
The file, which contained the passwords but not their linked usernames, was posted on a hackers’ web forum based in Russia, and it is thought that teams are working their way through the file to decrypt the passwords and access LinkedIn accounts.
LinkedIn users are now being advised to change their passwords in order to protect their accounts from possible criminal activity. There is also a risk that the data could be used to access accounts on other websites, as some users are likely to use the same password for various different online accounts.
Some users have already reported receiving scam emails that look remarkably similar to the regular emails sent out by LinkedIn. The scam emails use the same LinkedIn format, and ask users to click a link in order to confirm their password.
With 160 million users across 200 countries, LinkedIn is a social network which links users through their professional connections, with nine million users based in the UK.
A LinkedIn spokesman said of the password thefts: “Our team continues to investigate, but at this time we’re still unable to confirm that any security breach has occurred.”
However, in a post on its official account, LinkedIn confirmed that “some of the passwords that were compromised correspond to LinkedIn accounts.”
This is a PR disaster for LinkedIn, which has never quite taken off in the same way as Facebook and Twitter when it comes to social networking. On top of its recent privacy issues, in which it was accused of sending unencrypted calendar entries to its servers via its mobile app without permission, LinkedIn will no doubt have to work overtime in order to win back the trust of its users.