Recent news reports say that 6.5 million LinkedIn account passwords have been stolen and published on an unauthorized website. LinkedIn is taking this breach very seriously and is working with the FBI to pursue leads on this crime. However, LinkedIn is not the only website that has suffered from this type of theft. LinkedIn wishes to keep the public up to date in order to protect its users without compromising the investigation. It has been receiving a number of recurring questions and has responded to them to explain some precautions members should be taking.
On a lighter note, it should be comforting to know that the stolen passwords were not published with their corresponding email logins. When the passwords were stolen, several of them remained encoded, but a subset of them were decoded. LinkedIn is currently not aware of any member information being published; only the password information itself was published.
Here are some of the common questions being asked that were answered by LinkedIn:
- Am I at risk of having my account breached?
As of right now there are no reports of member accounts being breached, and all of the member passwords that are thought to be at risk have been disabled.
- News on the theft broke on Wednesday. Why didn’t I immediately receive notification that my password was disabled?
Upon learning about the theft, they launched an investigation to confirm that the passwords belonged to LinkedIn members. After receiving confirmation of this, they immediately began to address the risk to their members, prioritized as follows:
The members believed to be at risk based on the investigation had their passwords quickly disabled and were sent an email by the Customer Service Team. By the end of Tuesday, passwords on the published list that were at risk had been disabled. This includes all of the passwords on the published list, regardless of whether they were decoded or not. After the passwords had been disabled, these members were notified with instructions on how to reset their passwords.
- What is LinkedIn doing to protect its members?
LinkedIn has a world-class security team that includes Ganesh Krishnan, a former vice president and chief information security officer at Yahoo!. The security team reports directly to LinkedIn’s senior vice president of operations, David Henke.
One of the major initiatives of this team was to transform the password security system. They changed the system from one layer of encoding to add an extra layer of protection that is widely recognized across the industry as the best practice. This transition was completed prior to the news of the theft on Wednesday. They are continuing to enhance their security system to better protect their members.
- My password has not been disabled. What should I do now?
Based on the investigation, if your password has not been disabled, then LinkedIn does not believe your account is at risk. Even so, it is good practice to change your passwords every few months to secure your information. In light of all of this, LinkedIn strongly urges its members to change their passwords with the information provided here: http://blog.linkedin.com/2012/06/07/taking-steps-to-protect-our-members/