
LinkedIn working with police on password leak

In latest update, business networking company says it has strengthened site security, warned more users, and contacted police.

A snippet of the file containing reportedly leaked (and encrypted) LinkedIn passwords, obscured for security
Screenshot by Lance Whitney/CNET

LinkedIn said today that it has contacted police about the compromise of its users' passwords that hackers were actively cracking earlier this week.

"Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published," Vicente Silveira, a director at the professional social-networking site, wrote in a blog post. "We are also actively working with law enforcement, which is investigating this matter."

The damage appears to be somewhat limited in scope of data, the post says, but it's still unclear how many of the site's more than 160 million users may have been affected. "To the best of our knowledge, no email log-ins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member's account as a result of this event." When members log into LinkedIn they do so with an e-mail address and password, LinkedIn spokeswoman Erin O'Harra said when asked to confirm that no user names were exposed.

After realizing the problem, LinkedIn disabled the passwords that it believed were "at greatest risk" and sent those users e-mails informing them that they need to change their passwords, the post says. "Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected. Those members are also being contacted by LinkedIn with instructions on how to reset their passwords," Silveira writes.

In addition, the company has beefed up the protection for the passwords in its current product database by applying a technique called "salting" to the hashed, or obscured, passwords. Salting means more work for password crackers.
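To make "more work" concrete, here is an added example (not from LinkedIn or from this article) written as a weak-password audit over a stored hash list. The account names, passwords, wordlist and the choice of SHA-256 are all constructed assumptions; the article does not name the hash function involved.

```python
import hashlib
import hmac
import os

# Constructed sample data: account names, passwords and wordlist are made up.
ACCOUNTS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "s3cure-Passphrase"}
WORDLIST = ["password", "123456", "linkedin123", "letmein"]

def digest(password, salt=b""):
    # SHA-256 is an assumption for this demo; a production password store
    # should use a deliberately slow KDF (bcrypt, scrypt, Argon2, PBKDF2).
    return hashlib.sha256(salt + password.encode()).hexdigest()

def store_unsalted(accounts):
    # Same password -> same stored value for every user.
    return {user: digest(pw) for user, pw in accounts.items()}

def store_salted(accounts):
    # A fresh random salt per user is stored next to the hash.
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, digest(pw, salt))
    return store

def audit_unsalted(store, wordlist):
    # One table of hashes, computed once, is matched against every account.
    table = {digest(word): word for word in wordlist}
    weak = {user: table[h] for user, h in store.items() if h in table}
    return weak, len(wordlist)  # hash computations spent

def audit_salted(store, wordlist):
    # The table cannot be shared: each guess is re-hashed with each user's salt.
    weak, work = {}, 0
    for user, (salt, h) in store.items():
        for word in wordlist:
            work += 1
            if hmac.compare_digest(digest(word, salt), h):
                weak[user] = word
                break
    return weak, work

if __name__ == "__main__":
    print("unsalted:", audit_unsalted(store_unsalted(ACCOUNTS), WORDLIST))
    print("salted:  ", audit_salted(store_salted(ACCOUNTS), WORDLIST))
```

Both audits flag the same two weak accounts, but the unsalted one needs a fixed number of hash computations regardless of how many accounts exist, while the salted one grows with the number of accounts.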

LinkedIn is one of the companies scrambling to warn people about the security problem after user passwords were found on a list posted to a hacker forum. Yesterday, LinkedIn and eHarmony confirmed password compromises, and today did. Although approximately 8 million passwords were on the leaked lists, it's unclear how many users are affected and whether other Web sites will be issuing warnings too. Users who might be affected should immediately change their passwords on those sites and any others they might have used those passwords on.

Updated 3:30 p.m. PT with background on password leaks.