LinkedIn is working with law enforcement to investigate the recent leak of millions of its users hashed passwords, says Director Vicente Silveira. In a blog post, Silveira also said that no email logins linked to the accounts had been leaked, making it more difficult for those passwords to be put to use.
“From the moment we became aware of this issue,” says Silveira, “we have been working non-stop to investigate it.”
He goes on to note that the accounts of those with decoded passwords were the first it disabled, but now it is going on to invalidate any password that could be in the group of affected passwords.
Our first priority was to lock down and protect the accounts associated with the decoded passwords that we believed were at the greatest risk. We’ve invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords.
Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected. Those members are also being contacted by LinkedIn with instructions on how to reset their passwords.
All of the passwords in LinkedIn’s database are now salted and hashed, something that it was not doing previously. Some 6.5M passwords that included those of LinkedIn users and those of dating site eHarmony, were leaked early today.
Image Credit: Ann Marie Michaels
Get the TNW newsletter
Get the most important tech news in your inbox each week.