[ by Howard Haykin ] Computer security experts in the U.S. and Europe warned they uncovered evidence that the LinkedIn social networking site - popular with business professionals - suffered a data breach that may have compromised the passwords of millions of users. LinkedIn currently has over 161 million members worldwide.  Based in Mountain View, CA, one of the company's main initiatives is to grow internationally - 61% of its membership is located outside the U.S. On Wednesday, LinkedIn Corp issued a Tweet and a statement on its blog, saying that it was "unable to confirm" that a breach had occurred.  An engineer said in the blog, "Our security team continues to investigate." Sit Back and Wait. It could take several days - up to a week - for LinkedIn to confirm the breach and identify its source, according to a senior security researcher with Cloudmark, Mary Landesman.  Another security researcher, Marcus Carey, with Boston-based Rapid7, said he was "highly confident" that LinkedIn had been the victim of a serious breach, based on his analysis of the data posted on the forums.  He believes the attackers had been inside LinkedIn's network for at least several days, based on the type of information stolen and quantity of data released.

Mr. Carey further added: "While LinkedIn is investigating the breach, the attackers may still have access to the system.  If the attackers are still entrenched in the network, then users who have already changed their passwords may have to do so a second time."

Advice From LinkedIn. Officials with LinkedIn declined to comment on whether an attack might still be in progress.  The site did provide advice on how customers can change their passwords after several security firms issued advisories suggesting that they do so immediately.

"While our investigation continues, we thought it would be a good idea to remind our members that one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently ... and to not use the same password on multiple sites."

What Alleged Damage Was Found. In the suspected LinkedIn breach, computer security experts discovered files with some 6.4 million scrambled passwords on Tuesday, which they originally suspected belong to LinkedIn members because some of the passwords included the phrase "LinkedIn," said Graham Cluley, with British computer security software maker Sophos.  When Sophos dug further, it turned out that other passwords found on the list belonged to Sophos employees who only used them to secure their LinkedIn accounts.  It's possible that all or just some of those 6.4 million passwords belong to LinkedIn members, Mr. Cluley added. The data was found on underground websites where criminal hackers frequently exchange stolen information, including scrambled passwords.  The files included only passwords and not corresponding email addresses, which means that people who download the files and unscramble the passwords will not easily be able to access any accounts with compromised passwords. Yet analysts said it is likely that the hackers who stole the passwords also have the corresponding email addresses and would be able to access the accounts. Possible Deficiencies at LinkedIn or 'Salt' in the Wound. At least 2 security experts who examined the files believed to contain the stolen LinkedIn passwords said the company had failed to use best practices for protecting the data.  They said LinkedIn used a vanilla or basic technique for encrypting, or scrambling, the passwords which allows hackers to quickly unscramble all passwords after they figure out the formula by which any single password has been encrypted. LinkedIn could have used a technique known as "salting" to make it extremely tedious for passwords to be unscrambled.  The technique adds a secret salt to each password before scrambling it. Last year, a security researcher warned that LinkedIn had flaws that make users' accounts vulnerable to attack by hackers because of the way it manages cookies. LinkedIn was co-founded by former PayPal executive Reid Hoffman in 2002 and makes money selling marketing services and subscriptions to companies and job seekers. For further details, go to:   [Reuters, 6/6/12].