LinkedIn confirms: yesterday more than 6.5 million accounts were compromised by an unidentified cracker, who published material collected from the professional social network on a Russian forum. For now it is not yet possible to know the exact nature of the attack or the characteristics of the vulnerability exploited; while details are awaited, this is the time for prevention and reassurance.
About 5% of accounts are potentially at risk, and the service's managers urge extreme caution, suggesting a prompt password change, especially if your profile is on the list of those involved.
Vicente Silveira, head of engineering at LinkedIn, underlined in a post on the company blog that several of the passwords published online were found to correspond to accounts that actually exist. The owners of these accounts, which are temporarily suspended until the password is changed, will receive a notification by email. This email, says Silveira, will not contain any links, only instructions to follow in order to receive a new message containing the address of the page through which the password can be updated.
After changing the password, affected users will receive another email explaining the situation and the precise reasons that led the company to suggest the change. Silveira also encourages all users to change their password as soon as possible: doing so lets them take advantage of the new protection systems adopted by the social network, based on new techniques for hashing its subscribers' access credentials in the database. Changing passwords also devalues the material in the crackers' hands, securing the account against any possible outside intrusion.
None of this appears to represent a particularly serious danger for users, because only the passwords stolen by the crackers (protected by SHA-1 hashing) ended up online, not the usernames. In these cases, however, one can never be too careful, and LinkedIn's staff invite users to change not only the password for the social network but also that of every other service on which the same password has been used to date.