LinkedIn has promised new security features above and beyond a switch to salting users’ passwords, as it continues to recover from the hack which saw 6.5m encrypted credentials leak from the site. “We continue to execute on our security roadmap, and we’ll be releasing additional enhancements to better protect our members,” the business-centric social network wrote on its official blog, while continuing to insist that there is still no evidence of any member accounts being breached.
“Thus far, we have no reports of member accounts being breached as a result of the stolen passwords” LinkedIn said in a statement today. “Based on our investigation, all member passwords that we believe to be at risk have been disabled.”
The company has also responded to criticism that it was slow to react to the password leak, taking longer to notify users than could perhaps be expected. Not so, insists LinkedIn; after a comprehensive security investigation to ascertain whether the codes were, indeed, official passwords from its servers, “those members whom we believed were at risk, and whose decoded passwords already had been published, had their passwords quickly disabled and were sent an email by the Customer Service team.”
That process was supposedly completed by the end of Thursday. News of the leak was widespread on Wednesday, though it was only in the following days that enterprising hackers began to make real headway in decrypting the passwords.
“If your password has not been disabled, based on our investigation, we do not believe your account is at risk,” LinkedIn says, though it suggests that changing your password every few months is good practice. It’s still unclear how the password list was acquired, though LinkedIn is working with the FBI to find out.