
LinkedIn defends reaction in wake of password theft
June 11, 2012 01:32 pm
LinkedIn moved to reassure customers about the security of their data, following a password theft that caused a black eye for the social-networking service.
LinkedIn said in a blog post over the weekend that it had received no reports that member accounts were breached as a result of the stolen passwords. The Mountain View, Calif., company has come under fire since 6.5 million user passwords were stolen and published on an unauthorized website Wednesday.
Some security experts questioned the adequacy of LinkedIn’s procedures for protecting passwords, and some users complained about delays in receiving information about the incident.
Vicente Silveira, a LinkedIn director, defended the company. He said in a blog post that the company is working closely with the FBI as it “aggressively” pursues the perpetrators of this crime.
How the passwords were stolen remained unclear. The company declined to comment beyond the blog post, citing the investigation.
“As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords,” Silveira wrote.
“Once confirmed, we immediately began to address the risk to our members.” He said the company disabled passwords that were published and alerted their users to reset the passwords.
The majority of passwords that were published were not decoded or published with corresponding log-in information, he said, so the company did not believe that any accounts were hacked. The company says it has 160 million members.
The social-networking service for professionals has been criticized for not including an extra layer of password security known as salting, and for not having a chief security officer.
Silveira said Ganesh Krishnan, the head of LinkedIn’s India technology center and the man considered the company’s security czar, led an initiative to update passwords with the salting procedure.
The company did not indicate whether the salting initiative was completed before the theft.
LinkedIn’s password security was considered state-of-the-art three or four years ago, but it has since become easier for a criminal to crack, said Alex Stamos, chief technology officer at Artemis Internet Inc., an internet-security company.
Source: The Wall Street Journal








