A large set of LinkedIn passwords have reportedly been posted on a Russian hacker web forum, landing millions of accounts in danger of being cracked.
Thus far, most passwords remain encrypted – the hackers who stole the data asked their “colleagues” to help decipher the files. However, the encryption is quite easy to break, so the users must prepare for the worst, password expert and consultant Per Thorsheim, told the Norwegian DN.no IT website. The name of the hacker site is unknown.
“Once the passwords are deciphered, hackers will be able to log in and get access to any secret sources users have,” Thorsheim said. “They could also send out fake messages or even expensive proposals. Distributing viruses is another option.”
Hackers might have chosen LinkedIn since its users often have much more power and resources than those of Facebook, the specialist believes.
LinkedIn has not yet officially commented on the theft, but promised to look into the case via its Twitter account.
“Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred. Stay tuned here,”they wrote.
This is not the first security flaw detected within LinkedIn. Israeli security researchers have recently found out that the network’s new iOS mobile application is transmitting to the main server all user calendar entries. Those include details about meeting locations, participants, dial-in information, passwords and sensitive meeting notes.
Such policy, specialists say, violates iOS privacy guidelines that expressly prohibit any transmission of users’ data without their permission.