By Jim Finkle and Jennifer Saba
BOSTON/NEW YORK, June 6 - Computer security
experts in the United States and Europe warned they have
uncovered evidence that the social networking site LinkedIn
has suffered a data breach that compromised the
passwords of an unknown number of its users.
LinkedIn said via Twitter early on Wednesday that it was
"unable to confirm" that a security breach had occurred. "Our
team continues to investigate," the Tweet said.
Officials with the professional networking site could not be
reached to elaborate.
Computer security experts discovered files with some 6.4
million scrambled passwords on Tuesday, which they originally
suspected belonged to LinkedIn members because some of the
passwords included the phrase "LinkedIn," said Graham Cluley, a
senior technology consultant with British computer security
software maker Sophos.
When Sophos dug further, it turned out that other passwords
found in the list belonged to Sophos employees who only used
them to secure their LinkedIn accounts, he said. But it is
possible that all or just some of those 6.4 million passwords
belong to LinkedIn members, Cluley added.
The data was found on underground websites where criminal
hackers frequently exchange stolen information, including
The files only included passwords and not corresponding
email addresses, which means that people who download the files
and unscramble the passwords will not easily be able to access
any accounts with compromised passwords.
Yet analysts said it is likely that the hackers who stole
the passwords also have the corresponding email addresses and
would be able to access the accounts.
Marcus Carey, security researcher at Boston-based Rapid7,
said he was "highly confident" that LinkedIn had been the victim
of a serious breach, based on his analysis of the data posted on
He said he believed the attackers had been inside LinkedIn's
network for at least several days, based on the type of
information stolen and quantity of data released.
"While LinkedIn is investigating the breach, the attackers
may still have access to the system," Carey warned. "If the
attackers are still entrenched in the network, then users who
have already changed their passwords may have to do so a second
Security software maker F-Secure of Finland warned LinkedIn
customers to be on the lookout for scam emails that might be
sent to them using data stolen from the social networking site.
"Will happen," F-Secure Chief Research Officer Mikko
Hypponen said via Twitter.
LinkedIn, which had its debut last year, is an online social
media company that caters to companies seeking employees and
people scouting for jobs.
It has more than 161 million members worldwide. One of the
Mountain View, California-based company's main initiatives is to
grow internationally - 61 percent of its membership is located
outside the United States.
The company was co-founded by former PayPal executive Reid
Hoffman in 2002 and makes money selling marketing services and
subscriptions to companies and job seekers.