LinkedIn users may be changing their passwords in droves, after reports that credentials for 6.5m people have leaked, but the company itself maintains that it so-far can’t discover any sign of a breach. “Our team continues to investigate,” LinkedIn took to Twitter to say, “but at this time, we’re still unable to confirm that any security breach has occurred.”
The comment – as well as an earlier statement, also on Twitter, that “Our team is currently looking into reports of stolen passwords. Stay tuned for more” – is so far LinkedIn’s only public response to the allegations. According to users in Russian forums, however, nearly 6.5m passwords have somehow been acquired for LinkedIn user accounts, representing around 4-percent of the business-centric social site’s membership.
The purported password list is still SHA1 encrypted, it’s worth noting, which means it’s not simply a case of picking out an entry and accessing someone else’s account. Those supposedly responsible are said to be attempting to crowd-source assistance in cracking that encryption.
No explanation of where, exactly, the list came from or how it was acquired has been given, though several LinkedIn users have already confirmed that they have discovered their password among those in the wild. It’s also missing a companion roster of usernames, which will hopefully limit any damage as well.