The company said it is working closely with the FBI to pursue the perpetrators, and wantsto be as transparent as possible while preserving the security of its members.
LinkedIn director Vicente Silveira wrote in a blog post that the compromised passwords were not published with corresponding email logins, meaning that it is unlikely they could be used to hack into accounts.
While the vast majority of the passwords were encrypted, a subset was decoded, admitted Silveira. However, all member passwords deemed to be at risk have been disabled, and there have been no reports of member accounts being breached as a result of the stolen passwords.
"By the end of Thursday, all passwords on thepublished list that we believed created risk for our members, based on our investigation,had been disabled," said Silveira. "This is true, regardless of whether or not the passwords were decoded."
He added that the company's in-house security team recently completed the transition from a password database system that simply hashes passwords to a system that both hashes and salts passwords, providing an extra level of protection.
"We continue to execute on our security roadmap, and we'll be releasing additional enhancements to better protect our members," said Siveira.
Courtesy pcworld.
0 comments:
Post a Comment
Your comments are appreciated.
Feel free to drop them and I will get back to you as soon as possible. Thanks.