LinkedIn works with FBI on password theft

6.4 million passwords stolen from networking site for jobseekers, professionals

(Reuters) — LinkedIn is working with the FBI as the social network for jobseekers and professionals investigates the theft of 6.4 million member passwords, the company said on Thursday.

The company does not know of any accounts that were taken over as a result of the security violations, according to LinkedIn spokesman Hani Durzy.

A spokeswoman with the FBI declined to comment.

LinkedIn is still in the early stages of the investigation. Durzy said it was not yet determined whether the email addresses that corresponded to the hacked passwords were also stolen.

On Wednesday, LinkedIn confirmed millions of passwords were stolen.

The company said on Thursday it would disable passwords that had been compromised and force customers to reset them. The company sent affected members emails explaining how to change their passwords.

Several security experts said that LinkedIn's stolen passwords had not been adequately secured and that the company did not employ best practices utilized by the world's largest websites.

When asked to comment on that criticism, Durzy said that LinkedIn had already boosted the security of its database.

"We place the highest value on the security of our members' data," he said.

Online dating service eHarmony warned on Wednesday that some of its user passwords had been breached after security experts discovered scrambled files with passwords for millions of online accounts.

The dating website's contents are sensitive and could subject compromised members to embarrassment or even extortion attempts, experts said.

The attack on LinkedIn did not last long as the latest in a series of security breaches that could affect sensitive consumer data.

On Thursday, Last.fm, which recommends music to users based on the songs they already listen to, also warned its website visitors to change their passwords after a leak which may have resulted from a hacking attack.

"We're sorry for the inconvenience around changing your password," the London-based company wrote.

It is unclear if the three attacks are all related. Web application security expert Jeremiah Grossman said on Twitter that all three companies used common Apache software for serving web pages to visitors, though that doesn't mean that there is a new flaw in the program.

The series of problems underscored the continuing issues with passwords, which are best complex, different for each site and changed every few months.

Major breaches often lead to scam emails and account takeovers, which can be used to convince acquaintances of the target to click on dangerous links that monitor online credit card or bank account use.

LinkedIn caters to companies seeking employees and people scouting for jobs. It has more than 161 million members worldwide and makes money by selling marketing services and premium subscriptions.

Latest stories