LinkedIn Offers Apology, Information on Security Breach
Know the Risk: Digital Transformation's Impact on Your Business-Critical Applications REGISTER >
In the wake of a massive security breach on the business networking site LinkedIn, which resulted in the leaking of roughly 6.5 million user passwords and their subsequently published on an unauthorized website, the company has issued a blog post to answer some of the most frequently asked questions about the breach. The company has also enlisted the help of the FBI for an investigation into the breach.
"We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation," wrote LinkedIn director Vicente Silveira. "We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime."
Silveira noted the compromised passwords were not published with corresponding email logins, and that the majority of passwords were hashed , meaning they were still encoded, however he confessed a subset of the passwords were decoded. Silveira also stressed that the only information published was the list passwords. "We are not aware of any member information being published at any time in connection with the list of stolen passwords," he wrote.
Also addressed was the speed of LinkedIn's repose to the breach, reports of which first surfaced last Wednesday. Silveira said the company launched an investigation immediately after receiving confirmation of the breach, and by the end of Thursday, all passwords on the published list that were believed to have created risk for LinkedIn members had been disabled. "This is true, regardless of whether or not the passwords were decoded. After we disabled the passwords, we contacted members with instructions on how to reset their passwords," he wrote. "Once again, we truly apologize for any inconvenience this has caused you, our members."
Stolen passwords aren't the only thing social media users have to worry about, a recent report from IT research firm Gartner indicated. The study found that corporate monitoring of employee behavior on social media sites like Facebook, Twitter or LinkedIn will rise to 60 percent by 2015. The report also raises the question of who is actually looking at this information and the parties who have access to employee-monitoring tools, as well as the ethical and legal issues involved.