Taking Steps To Protect Our Members
June 7, 2012
It is of the utmost importance to us that we keep you, our members, informed regarding the news this week that some LinkedIn member passwords were compromised. We want to reiterate that we sincerely apologize for the inconvenience this has caused our members.
From the moment we became aware of this issue, we have been working non-stop to investigate it. While we continue to learn more as a result of our ongoing investigation, here is what we know now:
Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.
To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.
Since we became aware of this issue, we have been taking active steps to protect our members. Our first priority was to lock down and protect the accounts associated with the decoded passwords that we believed were at the greatest risk. We’ve invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords.
Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected. Those members are also being contacted by LinkedIn with instructions on how to reset their passwords.
We are also actively working with law enforcement, which is investigating this matter.
Finally, we’ve enhanced our security measures through an additional layer of technical protection know as “salting” to better secure your information.
We are working hard to protect you, but there are also steps that you can take to protect yourself, such as:
- Make sure you update your password on LinkedIn (and any site that you visit on the Web) at least once every few months.
- To take advantage of our enhanced security measures, change your password now by clicking here.
- Do not use the same password for multiple sites or accounts.
- Create a strong password for your account, one that includes letters, numbers, and other characters.
- Watch out for phishing emails and spam emails requesting personal or sensitive information.
Our efforts to protect LinkedIn members impacted by this incident are ongoing and we will continue to keep you posted here.