LinkedIn has confirmed that more than six million users had their passwords stolen by hackers, and some 165,000 of those passwords have already been posted online. The popular networking site, which presents itself as a professional alternative to Facebook with a focus on business connections, has more than 150 million registered users worldwide. Will the site that boasts the slogan "relationships matter" be able to repair its relationship with worried users? Here's what you should know:
What exactly happened?
Early on Wednesday, reports began circulating that 6.5 million users had their account passwords stolen. Hours later, LinkedIn confirmed the security breach in a blog post. The company deactivated compromised accounts to protect users.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
SUBSCRIBE & SAVE
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
How did hackers steal these passwords?
It's unclear how hackers got into the system in the first place, and the company won't say who the suspected culprit is. But here's what we do know: The stolen passwords were originally published to a Russian forum, and most "were posted in a simple cryptographic code, suggesting the networking site had been using outdated security precautions," says the Moscow Times. A few of the posted passwords included phrases like "recruiter," "googlerecruiter," "toprecruiter," "human resources," "hiring," and "linkedin." It's not known if the hackers know each password's corresponding user log-in.
How is LinkedIn handling this breach?
The company deactivated many accounts, and is contacting the owners of hacked accounts and urging them to reset their passwords. But in some ways, things are getting worse, as the hacks have spawned a new spam campaign targeting LinkedIn users: Emails that look like they're officially from the site's administrators are actually spambots illegally "phishing" for passwords. The company is reminding its users not to follow any embedded links (the official LinkedIn email to reset your password is link-free and requires users to copy and paste), and to check source addresses carefully.
How badly will this hurt LinkedIn's reputation?
It's certainly not helping. LinkedIn just became "the most annoying of all social media" sites, says Loren Steffy at the Houston Chronicle. The site already nags users to accept invitations from nepotists and strangers. If LinkedIn really wants to inspire confidence, it should "devote the same amount of attention it currently places on badgering its members on tighter security."
Sources: CNET, Gawker, The Houston Chronicle, Moscow Times, PC World, The Verge
To continue reading this article...
Create a free account
Continue reading this article and get limited website access each month.
Already have an account? Sign in
Subscribe to The Week
Get unlimited website access, exclusive newsletters plus much more.
Cancel or pause at any time.
Already a subscriber to The Week?
Unlimited website access is included with Digital and Print + Digital subscriptions.
Create an account with the same email registered to your subscription to unlock access.
Antony Gormley's Time Horizon – a 'judgmental army' of 100 cast-iron men
'King's horses take free rein through London'
Is pop music now too reliant on gossip?
