Computerworld India News | LinkedIn Reinforces Encryption After Last Week's Password Leak |

LinkedIn Reinforces Encryption After Last Week's Password Leak

John Dunn June 14, 2012
The professional social networking site has still not given any details as to how the hack occurred.

LinkedIn has brought the encryption applied to all user passwords up to a more secure standard after last week's hugely embarrassing password hack, the company has announced.

This will count as a small consolation for anyone affected by the loss of 6.5 million passwords secured in an 'unsalted' state using the less secure 160 bit SHA-1 encryption algorithm.

The company said that after discovering the hack on the morning of 6 June, it had disabled published passwords it believed were at risk of exposure by the end of play on 7 June. None of the emails involved included email logins, the company claimed.

"After we disabled the passwords, we contacted members with instructions on how to reset their passwords," LinkedIn said. "At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft."

Importantly, the company said it had now completed an upgrade of the security applied to all accounts whether part of the hack or not which added the use of salted hashes.

Precisely what new security was now being employed - specifically whether 256-bit SHA-2 was part of the upgrade - the company's announcement is oddly evasive.


Google App Maker aims to ease enterprise development

Google is making it simpler for business to create custom apps. Its new App Maker service lets you integrate apps with Google's services and run them on the same data center infrastructure as its G Suite of productivity software.