![]() ![]() Here are the facts as we know them and as it relates to this most recent incident: Recent reports of celebrity accounts being compromised on social media have resulted in questions about connections to the 2012 LinkedIn data breach. If you have questions about your personal account, please contact us here. We will soon be sending more information to all members that could have been affected, even if they’ve updated their password. These were accounts that had not reset their passwords since the 2012 breach. We’ve finished our process of invalidating all passwords we believed were at risk. We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply. In the meantime, we are using automated tools to attempt to identify and block any suspicious activity that might occur on affected accounts. Feel free to reset your password by following the directions here. However, regularly changing your password is always a good idea and you don’t have to wait for the notification. We will be letting individual members know if they need to reset their password. We have begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach. ![]() We're moving swiftly to address the release of additional data from a 2012 breach, specifically: We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We take the safety and security of our members' accounts seriously. ![]() We have no indication that this is as a result of a new security breach. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. To stay protected, LinkedIn users should update their passwords on the site (and anywhere else they may have reused the same password online) and also implement two-factor authentication-a feature that sends a security code to a user’s phone upon login.In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members' passwords. Presumably, LinkedIn began “salting” their passwords after the 2012 incident. Scott added that the site had been encrypting and “salting”-or appending random data to the passwords before they’re encrypted to make them less crackable-”for several years.” Leaked Source noted, however, that the leaked passwords it had obtained were encrypted (with the SHA-1 hashing function), but lacked the “salting” security feature. “We have no indication that this is as a result of a new security breach.” “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” he said. He mentioned that the company had required “all accounts we believed to be compromised” to reset their passwords in 2012, and that it recommended all other users else reset their passwords as well. “Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012,” Scott wrote. Cory Scott, LinkedIn’s chief information security officer, published a post addressing the incident on the professional network’s official blog on Wednesday. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |