LinkedIn sprinkles salt after password scare

Powered by SC Magazine
 

Claims no reports of compromised accounts.

LinkedIn has implemented salting capabilities to protect user passwords following news last week that scores of user passwords had been stolen.

While it had "been working around the clock" to add the cryptograhic security measure to new passwords, those which were swiped and later published online were not salted.

Its investigation found that the stolen passwords were not published with corresponding email logins; those members it believed to be at risk had their passwords disabled and were sent an email by its customer service team.

“At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft. We are continuing to work with law enforcement as they investigate this crime. The health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident.”

Following the incident, it said that the technology team at LinkedIn has completed a long-planned transition from a password database system that hashed passwords, to a system that both hashes and salts the passwords to provide an extra layer of protection.

“We are profoundly sorry for this incident. Member security is vitally important to us, and transparency is a priority as well. We will provide further updates as warranted by any new developments.”

About four per cent of the emails received by LinkedIn users, or 250,000, were tagged as junk by recipients according to security firm Cloudmark. 

Its spam-filtering system found that a specific signature was assigned to the LinkedIn message, which allowed researchers to estimate how many were marked as spam, leading to users not knowing that they had a compromised password.

"LinkedIn tends to send out a lot of messages that people don't want to read. LinkedIn should be more careful about the general emails that they send to people so users pay attention when the company has something to say,” said Cloudmark researcher Andrew Conway.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition


LinkedIn sprinkles salt after password scare
 
 
 
Top Stories
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
What InfoSec can learn from the insurance industry
[Blog post] Another way data breach laws could help manage risk.
 
A ten-point plan for disrupting security
[Blog post] How can you defend the perimeter when it’s in the cloud?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1047

Vote