Earlier today, reports started coming in that over 6.4 million passwords from the business-themed social networking service LinkedIn had been stolen by an unnamed person or persons and posted on a Russian-language forum. LinkedIn at first claimed that it was unable to confirm any kind of security breach. Later in the day, the company admitted that a breach of its servers had occurred, but would not state how many accounts were compromised.
Now The New York Times is reporting that criminals are already using the lifted LinkedIn accounts to send emails to others. The emails ask people to click on a link to "confirm" their email address, when in fact the links take users to scam websites.
In its blog post today, LinkedIn said that members whose accounts were compromised will now find that their passwords no longer work, and that they will receive emails with information on how to change their passwords, without the need for an embedded link.
The company did not state how these account passwords got out in the open. LinkedIn added, "We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously."
Update from Mashable: The company promised to add another layer of security by salting as well as hashing the account passwords in its database, which makes the hashed passwords harder to crack.
Source: New York Times