Computer security experts in the United States and Europe warned they have uncovered evidence that the social networking site LinkedIn has suffered a data breach that compromised the passwords of an unknown number of its users.
LinkedIn said via Twitter early on Wednesday that it was "unable to confirm" that a security breach had occurred. "Our team continues to investigate," the Tweet said.
Officials with the professional networking site could not be reached to elaborate.
Computer security experts discovered files with some 6.4 million scrambled passwords on Tuesday, which they originally suspected belong to LinkedIn members because some of the passwords included the phrase "LinkedIn," said Graham Cluley, a senior technology consultant with British computer security software maker Sophos.
When Sophos dug further, it turned out that other passwords found in the list belonged to Sophos employees who only used them to secure their LinkedIn accounts, he said. But it is possible that all or just some of those 6.4 million passwords belong to LinkedIn members, Cluley added.
The data was found on underground websites where criminal hackers frequently exchange stolen information, including scrambled passwords.
The files only included passwords and not corresponding email addresses, which means that people who download the files and unscramble the passwords will not easily be able to access any accounts with compromised passwords.
Yet analysts said it is likely that the hackers who stole the passwords also have the corresponding email addresses and would be able to access the accounts.
Marcus Carey, security researcher at Boston-based Rapid7, said he was "highly confident" that LinkedIn had been the victim of a serious breach, based on his analysis of the data posted on the forums.
He said he believed the attackers had been inside LinkedIn's network for at least several days, based on the type of information stolen and quantity of data released.
"While LinkedIn is investigating the breach, the attackers may still have access to the system," Carey warned. "If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time."
Security software maker F-Secure of Finland warned LinkedIn customers to be on the lookout for scam emails that might be sent to them using data stolen from the social networking site.
"Will happen," F-Secure Chief Research Officer Mikko Hypponen said via Twitter. A federal judge ordered the U.S. Food and Drug Administration to reconsider two public petitions to restrict the use of certain antibiotics in animal feed, court filings showed.
The ruling, filed on Friday, marks a second key setback for the FDA amid growing criticism that overuse of antibiotics in animal feed is endangering human health by creating antibiotic-resistant bacteria.
The company was co-founded by former PayPal executive Reid Hoffman in 2002 and makes money selling marketing services and subscriptions to companies and job seekers.
© 2023 Thomson/Reuters. All rights reserved.