Experts claim the major hack attack on LinkedIn has exposed just how unworkable the new EU data laws – which demand breach notification within 24 hours – will be, amid warnings that all 161 million users could be at risk.
The breach came to light on Tuesday, when a hacker with the username ‘dwdm’ appealed for help on a Russian forum to decrypt 6.5 million files and access original passwords. By yesterday morning, hackers claimed to have revealed hundreds of thousands of passwords.
However, LinkedIn has refused to reveal how many accounts have been affected. With 48 hours now passed, the company would be in breach of the new European data laws, which, when approved, will demand that all users are notified of a data breach within 24 hours.
Meanwhile, there are fears the 6.5 million passwords could be just “the tip of the iceberg”, with one security expert warning the entire user base of 161 million could be at risk.
Users of the business social media site are being urged to change their passwords on all their accounts – including Facebook and Twitter – as people often use the same one across multiple sites.
Speaking on BBC Breakfast, technology expert Tom Cheesewright said: “We don’t know how many they have; the 6.5 million could be just the tip of the iceberg. They could have millions more, and even the user names to go with them.
“The advice is to change all your passwords, not just for LinkedIn. The reality is that most people use the same password for other sites too, such as Facebook, Twitter and email. If they can get into your accounts they could soon be spreading viruses and malware around the world.”
LinkedIn, which has 9 million users in the UK, posted an official statement which said: “We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.”
A spokesman for LinkedIn said: “Our team continues to investigate.”
1 Comment on "LinkedIn hack shows folly of EU laws"
Charlie says: “72 hours on and it appears we are none the wiser about whose passwords have been stolen. I have already changed my password but have not heard a word from the company itself…despite its PR machine going into overdrive to tell us how hard it is working to reassure customers. While the network has put up two blog postings about the breach, there isn’t any information on its actual website. And with some experts claiming the leaked passwords could potentially give cybercriminals access to business emails and confidential data, is LinkedIn really doing enough?”