LinkedIn Responds to Password Hacking

/

It's time to change your LinkedIn password. A Russian forum user posted 6.5 million passwords from the site, and LinkedIn has confirmed their authenticity. The hacker also claims that he stole 1.5 million eHarmony passwords.

LinkedIn has responded to the incident with this post on its website:

We want to provide you with an update on this morning's reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

  1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
  2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
  3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven't read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.

LinkedIn has been active on Twitter, with four tweets so far about the incident.

Discussion Starters: 

  • The company's communication process via email is a bit complex. Do you understand why the management team chose this process? Would you propose a better process?
  • This paragraph could be written more clearly: "It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases." What changes would you suggest to the writer?