
Posts Tagged ‘Vicente Silveira’

LinkedIn Posts Update to Last Week’s 6.5 Million Hacked Passwords

Everything has a password: your Gmail account, Facebook profile and, oh yes, your LinkedIn account. Just last week LinkedIn had a major security breach, and that’s a serious matter.

On Saturday, the social networking site for careers blogged about an update to last week’s situation. Vicente Silveira wrote:

By now, many of you have read recent headlines reporting that 6.5 million LinkedIn hashed passwords were stolen and published on an unauthorized website. We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime. As you may have heard, there have been reports of other websites that have suffered similar thefts. We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation. In this post, we want to address questions we’ve been receiving and share what we’ve learned so far about the incident, how we’ve responded, and what we’re doing to protect our members going forward.

First, it’s important to know that compromised passwords were not published with corresponding email logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves.

Here are the most common questions we are being asked by our members:

1. Am I at risk of having my account breached?
Thus far, we have no reports of member accounts being breached as a result of the stolen passwords. Based on our investigation, all member passwords that we believe to be at risk have been disabled.

2. News of the theft broke on Wednesday. Why didn’t I immediately receive notification that my password was disabled?
As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords. Once confirmed, we immediately began to address the risk to our members, prioritized as follows:

Based on our investigation, those members whom we believed were at risk, and whose decoded passwords already had been published, had their passwords quickly disabled and were sent an email by the Customer Service team.

By the end of Thursday, all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled. This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords.

3. What is LinkedIn doing to protect its members?
We have built a world-class security team here at LinkedIn including experts such as Ganesh Krishnan, formerly vice president and chief information security officer at Yahoo!, who joined us in 2010. This team reports directly to LinkedIn’s senior vice president of operations, David Henke.

Under this team’s leadership, one of our major initiatives was the transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashed and salted the passwords, i.e. provided an extra layer of protection that is a widely recognized best practice within the industry. That transition was completed prior to news of the password theft breaking on Wednesday. We continue to execute on our security roadmap, and we’ll be releasing additional enhancements to better protect our members.

4. My password has not been disabled, what should I do now?
If your password has not been disabled, based on our investigation, we do not believe your account is at risk.

However, it is good practice to change your passwords on any website you log into every few months. For that reason, we have provided information to all of our members via the LinkedIn Blog, as well as a banner on our homepage instructing members on how to change their passwords.

Once again, we truly apologize for any inconvenience this has caused you, our members.


LinkedIn Posts Update on Compromised Passwords

By now you’ve likely heard about the millions of passwords hackers stole overseas from LinkedIn. In a blog post published yesterday, the site confirmed that yes, some passwords were compromised, and it continues to investigate.

Here is the post written by Vicente Silveira:

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
  3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.