LinkedIn: No accounts breached despite password leaks

LinkedIn have reassured their userbase that no accounts were breached despite hackers grabbing some 6.5 million passwords last week in the biggest security attack the business-focussed network has ever experienced.

LinkedIn have stated that quick action on their behalf (disabling all affected passwords and quickly notifying affected users) prevented any further damage to users of the service.

“Thus far, we have no reports of member accounts being breached as a result of the stolen passwords,” said LinkedIn director Vincente Silveira on the company blog.

“As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords,” he continued.

“Once confirmed, we immediately began to address the risk to our members.

“We have built a world-class security team here at LinkedIn including experts such as Ganesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. This team reports directly to LinkedIn’s senior vice president of operations, David Henke.

“Under this team’s leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry.”

No word yet on who carried out the attack, but LinkedIn are taking the whole thing very seriously indeed, enlisting the help of the FBI to catch the perpetrators.