LinkedIn said today that some passwords on a list of allegedly stolen hashed passwords belong to its members, but did not say how its site was compromised.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” Vicente Silveira, a director at the professional social networking site, wrote in a blog post.
LinkedIn has disabled the passwords on those accounts, it said. Account holders will receive an e-mail from LinkedIn with instructions for resetting their passwords. The e-mails will not include any links. Phishing attacks often rely on links in e-mails that lead to fake sites designed to trick people into providing information, so the company says it will not send links in e-mails.
Affected account holders will then receive a second e-mail from LinkedIn customer support explaining why they need to change their passwords.
Earlier this morning, LinkedIn had said it found no evidence of a data breach, despite the fact that LinkedIn users were reporting that their passwords were on the list.
- LinkedIn: we see no security breach…so far
- What to do in case your LinkedIn password is hacked
- Millions of LinkedIn passwords reportedly leaked online
- LinkedIn’s app transmit user data without their knowledge
More to come…
via CNET Latest News http://news.cnet.com/8301-1009_3-57448465-83/linkedin-confirms-passwords-were-compromised/?part=rss&subj=latest-news2&tag=title