Over 150 million LinkedIn users worldwide woke up last Wednesday to the news that about 6.5 million user login passwords had been stolen by cyber criminals and published on a hacker website.
Since then the professional social networking service has been making several attempts to contain the fallout and retain the trust of its customers, so that the incident does not affect the site's popularity and user base.
According to the company, its investigation found that although millions of passwords were stolen from LinkedIn, the hackers were unable to crack the majority of them, which remained hashed (i.e. encoded). In other words, they failed to decode millions of the passwords into a form that could be used for logging in.
However, the hackers did succeed in decoding a subset of the passwords. The company, which has been communicating developments in the security breach through its official blog, said that the compromised accounts were disabled immediately, along with others that could potentially be affected.
Further, the company claimed that compromised passwords were not published with corresponding email logins.
If what the company says is true, the affected users may not have much to fear. Though the hackers were able to recover a few of the passwords from their hashed form, they cannot take over the users' accounts, since the cyber perpetrators did not have the login IDs.
Affected users will be contacted with a message explaining the steps they have to take to reset their passwords so they can regain access to their disabled accounts.
Vicente Silveira, a spokesman for the professional network, said: "Finally, we've enhanced our security measures through an additional layer of technical protection known as 'salting' to better secure your information," while asking users not to worry about the security of their privacy.
In the latest blog post, Vicente confirmed that LinkedIn officials were working closely with the FBI in order to pursue the perpetrators. He also answered a few of the questions most widely asked by users worldwide about what to do now.
The network's answers to these common but significant questions follow:
1. Am I at risk of having my account breached?
Thus far, we have no reports of member accounts being breached as a result of the stolen passwords. Based on our investigation, all member passwords that we believe to be at risk have been disabled.
2. News of the theft broke on Wednesday. Why didn't I immediately receive notification that my password was disabled?
As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords. Once confirmed, we immediately began to address the risk to our members, prioritized as follows:
Based on our investigation, those members whom we believed were at risk, and whose decoded passwords already had been published, had their passwords quickly disabled and were sent an email by the Customer Service team.
By the end of Thursday, all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled. This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords.
3. What is LinkedIn doing to protect its members?
We have built a world-class security team here at LinkedIn including experts such as Ganesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. This team reports directly to LinkedIn's senior vice president of operations, David Henke.
Under this team's leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry. That transition was completed prior to news of the password theft breaking on Wednesday. We continue to execute on our security roadmap, and we'll be releasing additional enhancements to better protect our members.
4. My password has not been disabled, what should I do now?
If your password has not been disabled, based on our investigation, we do not believe your account is at risk.
However, it is good practice to change your passwords on any website you log into every few months. For that reason, we have provided information to all of our members via the LinkedIn Blog, as well as a banner on our homepage instructing members on how to change their passwords.
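The difference between hashed-only and hashed-and-salted storage described in answer 3, shown as an added example that is not LinkedIn's code. SHA-1 for the unsalted case, PBKDF2 for the salted case, the iteration count and the sample accounts are all assumptions made for illustration; the page names no algorithm.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the breach).
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_record(password):
    """Hash only: equal passwords always produce equal stored values."""
    return hashlib.sha1(password.encode()).hexdigest()


def derive(password, salt):
    """Slow, salted derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def salted_record(password):
    """Hash and salt: a fresh random salt is stored beside each digest."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(derive(password, salt), stored)


def largest_shared_group(stored_values):
    """How many accounts sit behind the most common stored value."""
    return max(Counter(stored_values).values())


def demo():
    unsalted = {u: unsalted_record(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return {
        # alice and bob reuse a password, so one decoded value exposes both
        "unsalted_shared": largest_shared_group(unsalted.values()),
        # with per-user salts every stored digest is distinct
        "salted_shared": largest_shared_group(d for _, d in salted.values()),
        "login_ok": verify("linkedin2012", *salted["bob"]),
        "login_bad": verify("wrong-guess", *salted["bob"]),
    }


if __name__ == "__main__":
    print(demo())
```

With hashing alone, every account that shares a password shares a stored value, so decoding one entry decodes them all; the per-user salt forces each record to be worked on separately.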