LinkedIn adds salting after password scare

LinkedIn facing £3 million lawsuit, as member claims negligence over password breach

LinkedIn has claimed that it has implemented salting capabilities to protect user passwords.

The social network said that it had "been working around the clock" since it learned last Wednesday that a possible theft of passwords had occurred.

It said that its investigation found that the stolen passwords were not published with corresponding email logins; those members it believed to be at risk had their passwords disabled and were sent an email by its customer service team.

It said: “At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft. We are continuing to work with law enforcement as they investigate this crime. The health of our network, as measured by member growth and engagement, remains as strong as it was prior to the incident.”

Following the incident, it said that the technology team at LinkedIn has completed a long-planned transition from a password database system that hashed passwords, to a system that both hashes and salts the passwords to provide an extra layer of protection.

“We are profoundly sorry for this incident. Member security is vitally important to us, and transparency is a priority as well. We will provide further updates as warranted by any new developments.”
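The difference between the hash-only storage and the hashed-and-salted storage described above, shown as an added example that is not LinkedIn's code: with hash-only storage, every account using the same password carries the same digest, while a per-record random salt makes each stored value unique. SHA-256, PBKDF2, the iteration count and the sample accounts are assumptions chosen for illustration; the article does not name the algorithms involved.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 100_000  # assumption: illustrative PBKDF2 work factor, not from the article

def hash_only(password):
    """Hash-only storage: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_and_salt(password, salt=None):
    """Hash-and-salt storage: returns (salt, digest) with a fresh 16-byte salt per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_and_salt(password, salt)
    return hmac.compare_digest(digest, expected)

def records_sharing_a_digest(digests):
    """Count records whose digest also appears on another record."""
    counts = Counter(digests)
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts; names and passwords are made up for this example.
SAMPLE_USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "x9!Lq#72vP"}

def build_tables(users):
    """Store the same accounts under both schemes."""
    unsalted = {u: hash_only(p) for u, p in users.items()}
    salted = {u: hash_and_salt(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    print("hash-only records sharing a digest:", records_sharing_a_digest(unsalted.values()))
    print("salted records sharing a digest:", records_sharing_a_digest(d for _, d in salted.values()))
    print("alice verifies:", verify("Summer2012", *salted["alice"]))
```

The salt is stored next to the digest in each record; it does not need to be secret, only unique per record.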

Also, a blog post by Cloudmark said that more than four per cent of the emails received by LinkedIn users, around a quarter of a million, were tagged as junk by recipients. Its spam-filtering system found that a specific signature was assigned to the LinkedIn message, which allowed researchers to estimate how many were marked as spam, leaving those users unaware that they had a compromised password.

Andrew Conway, Cloudmark researcher, told SC Magazine US: “LinkedIn tends to send out a lot of messages that people don't want to read. LinkedIn should be more careful about the general emails that they send to people so users pay attention when the company has something to say.”
