The e-mail read: “…In order to ensure that you continue to have the best experience using LinkedIn, we are constantly monitoring our site to make sure your account information is safe. We have recently disabled your account for security reasons…” The message goes on to explain how to reset your password.
This morning, LinkedIn tweeted, “sorry for the inconvenience, as a proactive measure we’ve reached out to users potentially affected by the gawker breach regarding password”
LinkedIn has a security team that keeps the company abreast of everything that’s current on the Internet. The team takes action on anything deemed relevant or potentially threatening to the LinkedIn profiles of its 85 million members. The team downloaded the list of e-mail addresses exposed by the hacks and cross-referenced it against all LinkedIn accounts. LinkedIn wouldn’t disclose the number of people they emailed, but it was a small fraction of LinkedIn’s users on the Gawker list. LinkedIn did not match passwords, but only looked at the corresponding e-mail addresses.
In the interest of safety, LinkedIn suspended the account of every person who was on the list. “We just wanted to stop the Gawker messages and passwords by going further than they already have,” said LinkedIn.
In their blog post today, LinkedIn writes,
Many of you may have heard by now that a prominent blog had its commenting system hacked into and a large number of user names and passwords were exposed.
As we closely monitored the situation, we decided it was imperative to take preemptive action to help ensure that those leaked passwords were not being used to attack any LinkedIn members.
Here’s how we’ve taken steps to address this situation in the past 24 hours. We’ve identified a very small fraction of our members whose accounts could potentially be affected by the recent breach. If you were in the group of users who may have been at risk, you should have received an email with instructions to reset your password. Note, to make sure we have you covered, you will receive an email from us to each email you have on file. You only need to act on one of them.
Even if you weren’t affected, it is a good reminder to proactively manage your online accounts. The number one tip is to use a unique password for each site. For additional tips check out my other post on security here.
LinkedIn acted commendably and safely to keep their name clear as well as to stop users from having more information stolen. For a complete rundown of Gawker’s security hacks this weekend, read our earlier post.
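The response described above (match the leaked e-mail addresses against accounts without comparing passwords, disable the matches, and notify every address on file) can be sketched as follows. This is an added example, not LinkedIn's code: the `Account` fields, function names, case-insensitive matching and sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass


def normalize(email: str) -> str:
    """Compare addresses case-insensitively and ignore stray whitespace (assumed policy)."""
    return email.strip().lower()


@dataclass
class Account:
    member_id: int
    emails: list            # every address the member has on file
    password_hash: str      # deliberately never read: matching is by e-mail only
    disabled: bool = False
    must_reset: bool = False


def flag_exposed_accounts(accounts, leaked_emails):
    """Disable accounts with any address on the leaked list.

    Returns (member_id, address) pairs to notify: one per address on file,
    so the member gets the reset instructions wherever they read mail.
    """
    leaked = {normalize(e) for e in leaked_emails if "@" in e}  # drop malformed rows
    notices = []
    for acct in accounts:
        on_file = list(dict.fromkeys(normalize(e) for e in acct.emails))  # de-duplicate
        if leaked.isdisjoint(on_file):
            continue
        acct.disabled = True      # block logins until the password is changed
        acct.must_reset = True
        notices.extend((acct.member_id, e) for e in on_file)
    return notices


# Constructed sample data, not taken from any real breach list.
LEAKED_SAMPLE = ["Alice@Example.com ", "carol@example.org", "not-an-address"]


def sample_accounts():
    return [
        Account(1, ["alice@example.com", "alice.work@example.net"], "hash-a"),
        Account(2, ["bob@example.com"], "hash-b"),
        Account(3, ["CAROL@example.org"], "hash-c"),
    ]


if __name__ == "__main__":
    accts = sample_accounts()
    for member_id, address in flag_exposed_accounts(accts, LEAKED_SAMPLE):
        print(f"send reset instructions for member {member_id} to {address}")
```

Matching on addresses alone means the leaked passwords never have to be loaded or compared, at the cost of resetting some members who did not reuse their password.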