LinkedIn: No Reports of Unauthorized Account Access in Wake of Hack

LinkedIn: No Reports of Unauthorized Account Access in Wake of Hack
LinkedIn beefs up security after passwords leaked
By Rohan Pearce
News Jun 14th 2012

Social networking site LinkedIn has revealed details of attempts to increase security in the wake of 6.5 million usernames and hashed passwords being published on a Russian hacker forum.

A blog entry by director Vicente Silveira revealed that LinkedIn has not received any reports of unauthorised account access in the wake of the security breach.

The company also revealed that passwords of the service's users are now salted as well as hashed. "That transition was completed prior to news of the password theft breaking on Wednesday," Silveira wrote.

Ty Miller, chief technology officer of penetration testing firm Pure hacking, said that although the salting of password hashes has been around for a long time, "we find that many Web applications either do not hash their passwords at all, or use common hashing algorithms, such as MD5, without a salt".

"Social and professional networking sites such as LinkedIn are major targets for hackers," Miller said. "Combining this with the complexity of these types of web applications, the chance of a critical vulnerability being present is likely. This means that a defence-in-depth approach should be a necessity for LinkedIn, which includes protecting passwords with strong cryptographic methods."