LinkedIn has confirmed that user passwords to its site were compromised, giving the official nod to the story that has been raging all day, that million of passwords to the website had leaked. LinkedIn claimed to be “continuing to investigate” the issue. Affected members will be alerted by LinkedIn, via email, of the issue. A second email will follow with more context, again from LinkedIn.
Interestingly, LinkedIn is claiming that it recently added in new security measures to protect its users:
“affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.”
Why the company wasn’t doing that before, is unknown. If you would like to check to see if your password was leaked head here. For more context on the situation, head here, and here. LinkedIn concluded its post with a ‘sincere apology.’
The LinkedIn story has had sufficient legs that some members of the US Congress are hailing it as an example for the need of new sorts of legislation to help protect, and control, user data. LinkedIn released a set of best practices for its users, on how to stay safe. They can be found here.
As our title reflects, not all of the passwords that were attributed to LinkedIn earlier today appear to be for the site. According to Ars Technica, some are connected to dating websites.