Security Incidents : LinkedIn Admits Password Theft and Member Security Efforts
Posted by Max on 2012/6/13 5:45:53 (1925 reads)

Since LinkedIn became aware on the morning of June 6 of the theft of approximately 6.5 million passwords, we have communicated to our members and the media regularly through various channels, including the company blog, email, social media, and the LinkedIn homepage.


To ensure a broad and accurate awareness of the company's actions and to give the public a general update, LinkedIn is providing the following summary of information that we have made public about the password theft and our subsequent investigation and response. This alert consolidates key points made in previous communications from the company. At this time, LinkedIn cannot release any further information in order to protect our members and due to the ongoing investigation:

Member Commitment & Response
--  First and foremost, LinkedIn takes all matters relating to our members' privacy and security seriously.
--  We have been working around the clock since learning last Wednesday that a possible theft of passwords had occurred.
--  As soon as we learned of the theft, we launched an investigation to confirm that the stolen passwords were, in fact, LinkedIn member passwords.
--  The stolen passwords were not published with corresponding email logins.
--  Once we were able to make this determination, we immediately began to address the risk to our members, prioritized as follows:
--  Based on our investigation, those members whom we believed were at risk, and whose decoded passwords already had been published, had their passwords quickly disabled and were sent an email by our customer service team.
--  By the end of Thursday, June 7, all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled. This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords.
--  At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft.
--  We are continuing to work with law enforcement as they investigate this crime.
--  The health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident.


Technology Expertise
--  LinkedIn's technology team includes world-class security experts. This team includes Ganesh Krishnan, the company's security czar, who previously served as vice president and Chief Information Security Officer at Yahoo! Inc. He and the entire security function at LinkedIn report to Senior Vice President of Operations David Henke. Some corporate governance experts recommend that corporations officially name Chief Information Officers and Chief Information Security Officers.

LinkedIn historically has limited C-level titles only to its Chief Executive Officer and Chief Financial Officer, so while Krishnan does not formally have the title of Chief Information Security Officer, that is the role he has played at the company since his hiring in 2010.
        
--  The LinkedIn technology team has completed a long-planned transition from a password database system that hashed passwords, i.e. provided one layer of encoding, to a system that both hashes and salts the passwords, i.e. provides an extra layer of protection.

--  For security reasons, we cannot discuss certain details of our ongoing security upgrades.
        
--  We can confirm that all member passwords now are not only hashed, but also salted, to provide an additional layer of security.
        
--  We will continue to investigate this criminal activity, and as we continue to upgrade security measures, we will keep our members updated.
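
The difference between a hash-only password store and a hashed-and-salted one, as an added example that is not part of LinkedIn's statement or LinkedIn's code. The statement names no algorithms, so SHA-256 and PBKDF2 are assumptions chosen for illustration, and the accounts are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this illustration

def unsalted_hash(password):
    # Hash only: the same password always yields the same stored value.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    # Hash and salt: a random per-user salt is mixed in and stored with the digest.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def users_sharing_a_hash(stored):
    # Users whose stored value equals another user's: information that
    # anyone holding a copy of the table can read off without cracking anything.
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(u for g in groups.values() if len(g) > 1 for u in g)

# Constructed sample accounts (not real data): two users chose the same password.
SAMPLE = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "k7#Vq9pL"}

def build_tables(accounts=SAMPLE):
    unsalted = {u: unsalted_hash(p) for u, p in accounts.items()}
    salted = {u: salted_hash(p) for u, p in accounts.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("hash only, users sharing a stored value:", users_sharing_a_hash(unsalted))
    print("hash + salt, users sharing a stored value:", users_sharing_a_hash(salted))
    salt, digest = salted["alice"]
    print("login still verifies:", verify("Summer2012!", salt, digest))
```

With hash-only storage, one guessed password exposes every account that used it; with per-user salts each stored value has to be attacked separately.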
 
Regulatory Compliance

--  We are compliant with SEC regulatory filing obligations.
--  In addition, we have been providing ongoing disclosures and updates to our members and to the public through postings on our corporate blog and now through this media alert.

We are profoundly sorry for this incident. Member security is vitally important to us, and transparency is a priority as well. We will provide further updates as warranted by any new developments.

About LinkedIn

Founded in 2003, LinkedIn connects the world's professionals to make them more productive and successful. With 161 million members worldwide, including executives from every Fortune 500 company, LinkedIn is the world's largest professional network on the Internet. The company has a diversified business model with revenue coming from member subscriptions, marketing solutions and hiring solutions. Headquartered in Silicon Valley, LinkedIn also has offices across the Americas, Europe, and the Asia-Pacific.



