LinkedIn Working on New Security Enhancements

youredthiswrong

Following a messy week for career-networking site LinkedIn where nearly 6.5 million account passwords were stolen and published on a Russian hacker forum, the company said it will be taking new security measures to ensure member protection.

“We continue to execute on our security roadmap, and we’ll be releasing additional enhancements to better protect our members,” Vicente Silveira, a director at LinkedIn, said via a company blog post.

In fact, Silveira noted that prior to the password hacking, LinkedIn was already working on a transition from a password database system with hashed passwords — which provided one layer of encoding — to a system with both hashed and salted passwords. This provides an extra layer of protection and is considered a best practice within the industry.

News first surfaced about the security breach after a Russian hacker said he stole 6,458,020 encrypted LinkedIn passwords and posted them online (without usernames) to prove his feat. The breach came on the heels of news that LinkedIn’s iOS app potentially violates user privacy by sending detailed calendar entries to its servers.

The company also emphasized in the blog post that the compromised passwords were not published with corresponding email logins — the only information published was the passwords.

“Thus far, we have no reports of member accounts being breached as a result of the stolen passwords,” Silveira said. “Based on our investigation, all member passwords that we believe to be at risk have been disabled.”

After LinkedIn learned of the news on Wednesday, it launched an investigation to confirm that the LinkedIn member passwords were compromised. Following confirmation, member accounts who were at risk and whose decoded passwords had already been published had their passwords disabled.

Those users received an email sent by LinkedIn’s customer service team with details about how to update their password information.

In the meantime, LinkedIn is actively working with the FBI to pursue the hacker or hackers behind the crime.

Said LinkedIn, “As you may have heard, there have been reports of other websites that have suffered similar thefts. We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation.”

Source: http://mashable.com/2012/06/10/linkedin-hacked-security/
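
The difference between hash-only and hashed-and-salted password storage mentioned in the quoted article, as an added example that is not part of the original post or LinkedIn's code. SHA-1 stands in for the unsalted hash and PBKDF2-HMAC-SHA256 with a random 16-byte salt for the salted scheme (both are assumptions, since the article names no algorithm), and the accounts are constructed sample data.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample accounts: two members happen to share a password.
ACCOUNTS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "S3parate!pw"}


def unsalted_hash(password):
    """Hash-only storage: the same password always gives the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password, salt=None):
    """Hash-and-salt storage: per-account random salt plus a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(digests):
    """Number of distinct digests that occur more than once in a dump."""
    return sum(1 for n in Counter(digests).values() if n > 1)


def demo():
    unsalted = [unsalted_hash(p) for p in ACCOUNTS.values()]
    salted = {user: salted_hash(p) for user, p in ACCOUNTS.items()}
    return {
        # Without salt, reused passwords are visible in the dump itself.
        "unsalted_shared": shared_digests(unsalted),
        # With per-account salts, identical passwords store differently.
        "salted_shared": shared_digests([d for _, d in salted.values()]),
        "verify_ok": verify("linkedin123", *salted["alice"]),
        "verify_bad": verify("wrong-guess", *salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted digests, one cracked or precomputed entry exposes every account that used the same password; per-account salts force each stored value to be attacked separately.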
 

dexterlablab1

This was a given, with the way they were just recently hacked and their stock value took a hit because of it.

But what I don't understand is why LinkedIn? Out of ALL the companies that deserve it, LinkedIn?
 

NewDCD

If you went to Facebook or a small forum or something, you might get the info on a few kids along with the ride. On the other hand, if you go to LinkedIn, which is a social network for professionals (and thus, obviously manage their own finances for the most part), you could get their information and it'd be more profitable. Say they use the same password for LinkedIn and their PayPal, and their PayPal e-mail is found somewhere in their LinkedIn profile. All it takes is to go to their PayPal, transfer the funds around a few dummy PayPals, and close the dummies when they reach their destination. Bam, profitable theft.
 

dexterlablab1

Ah ok, so basically this isn't about anything LinkedIn has done to customers. Instead, it's more about hacking now for potential fraud later.
 

NewDCD

It's the most likely scenario. What's the point of illegally acquiring that sort of information otherwise?
 

Creaky

To be honest, any site that big should have had something like this to start with; security of people's personal data should be top priority.
 

NewDCD

Data security is one heck of a crapshoot, though. You think you have a great, safe system, and then someone finds the most minimal of vulnerabilities in your setup and exploits it to hell and back. Just look at the PSN breach from last year. For all intents and purposes, that data was safely guarded. And then that happened.
 

Creaky

I realise it's not easy, work with very confidential info every day. Nothing will ever be 100% secure, someone will always find a way in if they really want to.
 
