LinkedIn has said that there have been “no reports of member accounts being breached” after millions of passwords were stolen and leaked online last week.
The business networking site hit the headlines after a hacker published around 6.5m encoded LinkedIn passwords on a Russian hacking forum and called for help in breaking the encryption.
In a blog post at the weekend, LinkedIn director Vicente Silveira said that the listed company takes “this criminal activity very seriously” and is working with the FBI “as they aggressively pursue the perpetrators of this crime”.
Alongside LinkedIn, passwords from Last.fm and dating site eHarmony also leaked online last week.
“We want to be as transparent as possible while at the same time preserving the security of our members without jeopardising the ongoing investigation,” said Silveira.
He noted that there were no compromised passwords for LinkedIn users published with their corresponding email addresses, meaning the login information was incomplete.
The majority of passwords were hashed, or encoded, but there was a “subset of passwords” that were decoded, he admitted.
However, Silveira said that the company has no evidence to suggest that member accounts have been breached as a result of the stolen passwords
“Based on our investigation, all member passwords that we believe to be at risk have been disabled,” he said.
“As soon as we learned of the theft, we launched an investigation to confirm that the passwords were LinkedIn member passwords. Once confirmed, we immediately began to address the risk to our members.”
He added: “Based on our investigation, those members whom we believed were at risk, and whose decoded passwords already had been published, had their passwords quickly disabled and were sent an email by the Customer Service team.
“By the end of Thursday (June 7), all passwords on the published list that we believed created risk for our members, based on our investigation, had been disabled.
“This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords.”
Silveira said that anyone who has not had their password disabled should assume that LinkedIn does not believe their account is at risk.
“It is good practice to change your passwords on any website you log into every few months,” he said, before adding: “Once again, we truly apologise for any inconvenience this has caused you, our members.”
Read the blog announcement in full here
