LinkedIn this afternoon acknowledged that some of its user passwords have been stolen, after reports earlier today that more than 6.4 million encrypted LinkedIn user passwords were uploaded to a Russian forum.
The popular business-oriented social network didn’t confirm the number, but Vincente Silveira, a LinkedIn director, said in a blog post that the company “can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.”
Here are the steps that LinkedIn says it is taking.
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
The company says it’s still investigating the situation, noting that it recently put new security measures, including hashing and salting, which jumble the stored passwords and insert random characters to make the actual passwords tougher to figure out.