Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

LinkedIn confirms 'some' passwords leaked

Jaikumar Vijayan | June 7, 2012
In response to widespread reports of a massive data breach at social networking site LinkedIn, the company Wednesday confirmed that passwords belonging to "some" of its members have been compromised.

In an apparent response to the focus on the unsalted hashing issue, Silveira noted that LinkedIn recently added enhanced security measures for salting and hashing its password databases. Silveira's post does not indicate when LinkedIn began the practice.

The compromise is a big deal for LinkedIn users, said John Pescatore, an analyst with Gartner. "LinkedIn definitely had to have some kind of serious security incident for this to happen. And they probably had lax security policies or controls for a simple unsalted hash file like this to exist," he said.

One worrisome aspect of the breach is that it could enable more targeted phishing attacks, he said. "LinkedIn is a great research site for hackers creating targeted phishing attacks to go after system administrators, CFOs, etc." he said. "If they had access to the non-public parts of people's LinkedIn profiles we will see even better targeted phishing attacks."

 

Previous Page  1  2 

Sign up for MIS Asia eNewsletters.