LinkedIn said it is a victim of an Internet security breach or hack.
The company has advised some LinkedIn account holders to change their passwords immediately to protect themselves. LinkedIn did not share the number of account holders who would be negatively impacted by the online security issue.
“We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well,” said LinkedIn.
Online security vendors, which have yet to become 100 percent successful in stopping such incidents, have offered comments to promote their solutions.
Sudeep Das, SE Manager – India and SAARC, RSA, said: “Passwords are here to stay for quite some time in spite of the innumerable weaknesses that have been reported against this weak form of authentication.”
On May 17, 2016, LinkedIn noticed that data stolen from the LinkedIn website in 2012 was being made available online.
“This was not a new security breach or hack. We took immediate steps to invalidate the passwords of all LinkedIn accounts that we believed might be at risk. These were accounts created prior to the 2012 breach that had not reset their passwords since that breach,” said LinkedIn in a statement to LinkedIn account holders.
Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012 were involved in the issue.
LinkedIn says it has taken significant steps to strengthen account security since 2012. “For example, we now use salted hashes to store passwords and enable additional account security by offering our members the option to use two-step verification,” said LinkedIn.
“While we can talk about more modern and more sophisticated forms of authentication we have to simultaneously relook into the approach that we are taking to safeguard digital identity and its usage,” said Sudeep Das of RSA. RSA is a company owned by EMC, which will be part of Dell soon.
“Our approach involves usage of Identity assurance solutions that would ideally give users choices in terms of how they want to be authenticated, and ultimately, make sure the end result matches or exceeds the service provider's expected level of assurance, which is usually tied to the sensitivity of the application or the action in question,” said RSA.
LinkedIn invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach. In addition, LinkedIn is using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts.