It’s been over 24 hours since LinkedIn revealed that “some” of its users’ passwords were indeed compromised in that massive leak, and while the investigation is still ongoing, LinkedIn director Vicente Silveira once again took to the company’s blog to update users on the situation.
First things first: though there’s still no word on how many users were affected, Silveira points out that, as far as the team can tell, none of the email addresses that correspond to those dumped passwords have been published.
Given that those email addresses are required to actually log in to a LinkedIn account, this is potentially great news — I say “potentially” because it’s still possible those same hackers have those email addresses but have simply decided not to share them. Still, he notes that they have yet to detect any unauthorized attempts to access members’ accounts, so it seems likely at this point that your LinkedIn accounts are safe from harm. Perhaps those spoofed LinkedIn phishing emails that surfaced after the leak weren’t as effective as their senders thought they would be.
Silveira’s post goes on to say the following:
Since we became aware of this issue, we have been taking active steps to protect our members. Our first priority was to lock down and protect the accounts associated with the decoded passwords that we believed were at the greatest risk. We’ve invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords.
Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected. Those members are also being contacted by LinkedIn with instructions on how to reset their passwords.
We are also actively working with law enforcement, which is investigating this matter.
Even with all that said, users should still change their passwords if they haven’t already — once they do, the new passwords will be stored in LinkedIn’s newly salted password database.
Though the team kept awfully quiet after their initial disclosure yesterday, it’s reassuring to see that they seem to be making progress (not to mention that they’ve brought the authorities into this). Sadly, yet another company is being dragged into the quagmire of leaked password woes — London-based Last.fm revealed earlier today that some of its users’ passwords were also leaked, though it’s not known if they were contained in the same files in which the LinkedIn and eHarmony passwords were found.