Skip to main content

LinkedIn says no accounts breached following password theft

LinkedIn says no accounts breached following password theft
Despite the breach, LinkedIn claims it has a world class security team

LinkedIn has blogged to reassure users that no accounts were compromised as a result of last week's mass password theft.

The professional social network says it is working with the FBI to catch the perpetrators that took and then published the passwords of 6.5 million users online.

When the theft came to light on Wednesday, LinkedIn says that it reacted quickly to disable all passwords, instructing users to reset their passwords before accessing their account.

The company reckons this prevented any of the affected accounts being compromised.

Addressing the risk

"Thus far, we have no reports of member accounts being breached as a result of the stolen passwords," wrote LinkedIn director Vincente Silveira.

"As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords," he continued. "Once confirmed, we immediately began to address the risk to our members."

World class security team?

Since the attack, life hasn't been much fun for the LinkedIn team. The company's security procedures and the speed at which users were notified has come under intense scrutiny.

However, despite all the drama, Silveira claimed the network still boasts a 'world class' security team.

He wrote: "We have built a world-class security team here at LinkedIn including experts such as Ganesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. This team reports directly to LinkedIn's senior vice president of operations, David Henke.

"Under this team's leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry."

As yet, there are few clues as to who carried out the attack.

Via: WSJ