Wednesday, 13 June 2012 14:17

LinkedIn's mea culpa

By Stephen Withers

LinkedIn has issued a public explanation of its response to the recent password theft, along with an apology to its users.

LinkedIn might have initially been silent about the security breach that saw six million password hashes exposed, but the company has now explained more about what happened and its response.

Unsurprisingly, there are no clues about who 'stole' the password hash file or how they did it, but LinkedIn confirmed that the password hashes were theirs.

The company first disabled accounts with passwords known to have been decoded, followed by those that were on the list regardless of whether they had been decoded. This process was completed by the end of July 7, the day after the matter came to light.

LinkedIn officials say affected members were emailed instructions for resetting their passwords.

"At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft," the officials stated, adding "We are continuing to work with law enforcement as they investigate this crime."


LinkedIn has revealed it has now completed a "long-planned transition" from hashed passwords to hashed and salted passwords. Some users may question why it was only completed after the breach.

Hashing (in this context) converts a password into a fixed-length string. The idea is that it avoids the need to store the password itself on the system. If the process is not easily reversible, the assumption is that anyone who gains access to the hash must still do a lot of work to find a password that corresponds to it.

However, the widely-used SHA-1 hash function is more easily overcome than originally thought, and large amounts of processing power are becoming more widely available. Thus the party that gained access to the LinkedIn hash file was able to compute passwords that correspond to the hash values.

Salting feeds random data as well as the password into the hashing process, making it impractical to generate tables of passwords that correspond to given hash values.
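The difference between the two storage schemes, as an added example that is not LinkedIn's code or part of the original article: it stores the same constructed accounts once as bare SHA-1 and once with a per-account random salt, then checks both stores against a precomputed hash-to-password table. The article does not say which salted construction LinkedIn adopted, so the use of PBKDF2-HMAC-SHA256, the iteration count, and all function names, account names and passwords are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example

# Constructed sample data: not real accounts or leaked values.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "x9!Lq-7rTz"}
WORDLIST = ["password", "123456", "linkedin2012"]

def unsalted_sha1(password):
    """Scheme the article describes before the fix: bare SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def salted_record(password, salt=None):
    """Return (salt, digest); a fresh 16-byte random salt is drawn per account."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)

def exposed_by_table(stored, table):
    """Accounts whose stored value appears in a precomputed hash -> password table."""
    return {user: table[h] for user, h in stored.items() if h in table}

def audit():
    # One table of unsalted hashes is reusable against every unsalted store.
    table = {unsalted_sha1(word): word for word in WORDLIST}
    old = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    new = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    new_hex = {user: digest.hex() for user, (_, digest) in new.items()}
    return {
        "old_exposed": exposed_by_table(old, table),      # table hits on bare SHA-1
        "new_exposed": exposed_by_table(new_hex, table),  # no hits once salted
        "old_duplicates": old["alice"] == old["bob"],     # same password, same hash
        "new_duplicates": new["alice"][1] == new["bob"][1],
        "login_ok": verify("linkedin2012", new["alice"]),
        "login_bad": verify("wrong-guess", new["alice"]),
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(name, value)
```

In the unsalted store, two members with the same password share one hash, so a single table entry exposes both; with per-account salts the stored values differ and the table has nothing to match.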

"We can confirm that all member passwords now are not only hashed, but also salted, to provide an additional layer of security," LinkedIn officials said.

"We are profoundly sorry for this incident. Member security is vitally important to us, and transparency is a priority as well. We will provide further updates as warranted by any new developments."


Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
