We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

LinkedIn claims vulnerable passwords have been disabled

No member accounts have been breached as a result of the cyber attack

Business social network LinkedIn issued more information and advice to its users over the weekend, in the wake of a massive cyber attack in which 6.5 million passwords were stolen.

The company said it is working closely with the FBI to pursue the perpetrators, and wants to be as transparent as possible while preserving the security of its members.

LinkedIn director Vicente Silveira wrote in a blog post that the compromised passwords were not published with corresponding email logins, meaning that it is unlikely they could be used to hack into accounts.

While the vast majority of the passwords were encrypted, a subset was decoded, admitted Silveira. However, all member passwords deemed to be at risk have been disabled, and there have been no reports of member accounts being breached as a result of the stolen passwords.

"By the end of Thursday, all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled," said Silveira. "This is true, regardless of whether or not the passwords were decoded."

He added that the company's in-house security team recently completed the transition from a password database system that simply hashes passwords to a system that both hashes and salts passwords, providing an extra level of protection.

"We continue to execute on our security roadmap, and we'll be releasing additional enhancements to better protect our members," said Siveira.

Following the LinkedIn hack last Wednesday, both the online dating site eHarmony and London radio station Last FM suffered similar password leaks. Graham Cluley, security expert at Sophos, told the BBC that the sites could have shared the same vulnerability.

"Can it be coincidence? It seems unlikely to me. There's a mystery in the middle of the LinkedIn breach about how they got the data. You have to worry there's a common vulnerability," he said.

Both companies are advising users to change their passwords.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia