“The LinkedIn technology team has completed a long-planned transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashes and salts the passwords, i.e. provides an extra layer of protection,” the statement said.
The announcement follows an embarrassing security breach for the company last week when some 6.5 million encrypted passwords belonging to users of the site were stolen by hackers and posted on the web. Of these, an estimated 160,000 were cracked, though in its statement LinkedIn said that the stolen passwords were not published together with email logins, and that so far there have been no reports of compromised LinkedIn accounts.
In an effort to reassure users of its service, the company said it was continuing to work with law enforcement agencies to investigate the crime and was also looking at more ways to further upgrade security measures.
Saying it was “profoundly sorry” for the incident, the California-based company promised to provide further updates as and when information became available.
Speaking to the Wall Street Journal over the weekend, Alex Stamos of web security firm Artemis Internet said that while LinkedIn’s security system was deemed solid a couple of years ago, recently it had become easier to crack.
He added that LinkedIn users, or anybody with online accounts for that matter, should be sure not to use the same password for more than one site. Easier said than done, we know, but failing to take sensible precautions with online security could result in a right royal mess in the future.
Popular with professionals around the world, LinkedIn has attracted around 160 million members since it first came on the scene in 2003.