In an apparent response to the focus on the unsalted hashing issue, Silveira noted that LinkedIn recently added enhanced security measures for salting and hashing its password databases. Silveira's post does not indicate when LinkedIn began the practice.
The compromise is a big deal for LinkedIn users, said John Pescatore, an analyst with Gartner. "LinkedIn definitely had to have some kind of serious security incident for this to happen. And they probably had lax security policies or controls for a simple unsalted hash file like this to exist," he said.
One worrisome aspect of the breach is that it could enable more targeted phishing attacks, he said. "LinkedIn is a great research site for hackers creating targeted phishing attacks to go after system administrators, CFOs, etc.," he said. "If they had access to the non-public parts of people's LinkedIn profiles, we will see even better targeted phishing attacks."