LinkedIn is providing fresh information on its security issues and the steps it has taken to protect its members. The social network sent out a group email earlier today addressing the data breach that saw millions of passwords leaked to the internet last week.
Upon learning of the leak, LinkedIn states that it invalidated the passwords at risk. It had already been confirmed that the breach itself took place in 2012 and reportedly saw 167 million LinkedIn account records hacked.
The career-oriented platform in its statement added that the accounts that were targeted were all created prior to the 2012 breach, and that no passwords have been reset since then.
The statement also detailed the extent of the information that was stolen. According to LinkedIn the data included email addresses and member IDs — the latter are a form of internal identifier assigned to each account.
The initial criticism directed toward the company centered on its weak password protection tools, in particular the fact that the data was not salted. In response, LinkedIn claims that it now uses salted hashes to store passwords. It also indicated that it offers an added form of protection in the form of its dual-factor authentication option.
“We are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts,” reads the email. “We are also actively engaging with law enforcement authorities.”
In a prior update, the platform claimed that it had demanded that third parties put a stop to leaking its password data, and that it would pursue legal action if they failed to comply.
For those still worried about account security, LinkedIn’s chief information security officer, Cory Scott, has the following words of advice: “We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.”
- Kanopy privacy breach reveals which movies members have been streaming
- Marriott asking guests for data to see if they were victims of the Starwood hack
- Zombieload forces a choice between performance and security. What will you do?
- What is AirBnb? Here’s all you need to know about being a guest or host
- Facebook says it unintentionally uploaded email contacts of 1.5 million users