About 8 million cryptographic hashes have been posted to a user forum at insidepro.com that is dedicated to cracking passwords. Of the posted lists some 6.5 million entries are thought to belong to users of LinkedIn Corp.’s (NYSE: LNKD) business networking site. The postings asked for help from other users to crack passwords that “I can’t crack.” The remaining 1.5 million entries posted to the site are believed to come from the popular eHarmony dating site.
According to Ars Technica, the hashed entries are not associated with a login name,
making it impossible for people to use them to gain unauthorized access to a particular user’s account. But it’s safe to assume that information is available to the hackers who obtained the list, and it wouldn’t be a surprise if it was also available in underground forums. Ars readers should change their passwords for those two sites immediately. If they used the same password on a separate site, it should be changed there, too.
LinkedIn claims more than 160 million registered users, so the number of stolen passwords represents about 4% of the site’s users. The company said only that it is “currently looking into reports of stolen passwords.” eHarmony did not respond to a request from Ars Technica for comment.
In addition to the public information available on LinkedIn, the site could hold confidential information related to jobs and salaries, either from job seekers or from hiring companies. Access to other accounts at sites like Gmail, Amazon, PayPal, and banking sites could also be jeopardized if the same password was used on multiple sites.
Shares of LinkedIn closed up about 0.1% today at $93.08 in a 52-week range of $55.98-$120.63