The news of 6.5 million LinkedIn hashed passwords being stolen and subsequently published on unauthorized websites is not unknown to anyone now, and LinkedIn has finally given updates about the security breach on their blog. The company has stated that it is closely working with the FBI, as they aggressively chase down the perpetrators of this crime. The company is trying to be as transparent as possible in the investigation, while preserving the security of their members, at the same time. They have made a couple of statements via their official blog post.
Firstly, the compromised passwords have not been published with corresponding e-mail logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords were decoded. Again, there have been no instances of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves.
Another one bites the dust
So, what has LinkedIn been doing to protect its members? The company’s major initiatives included the transition from a password database system that hashed passwords, that is provided one layer of encoding, to a system which both hashed and salted the passwords, i.e. provided an extra layer of protection. This is a widely recognized practice within the industry. That transition was completed prior to news of the password theft breaking on Wednesday. They continue to execute this on the security roadmap, and will be releasing additional enhancements to better protect the members from any future mishaps. The company has given some advice as well stating that, "it is good practice to change your passwords on any website you log into every few months. For that reason, we have provided information to all of our members via the LinkedIn Blog, as well as a banner on our homepage instructing members on how to change their passwords."
Along with this, they have stated a sincere apology for any incovenience caused to its members by this recent security breach. The entire update on the steps they are taking can be viewed here.
Published Date: Jun 11, 2012 01:40 pm | Updated Date: Jun 11, 2012 01:40 pm