[From the Linkedin Blog]
June 6, 2012
We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the
passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and
here is what we are pursuing as far as next steps for the compromised accounts:
1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account
password is no longer valid.
2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There
will not be any links in this email. Once you follow this step and request password assistance, then you will receive an
email from LinkedIn with a password reset link.
3. These affected members will receive a second email from our Customer Support team providing a bit more context
on this situation and why they are being asked to change their passwords.
It is worth noting that the affected members who update their passwords and members whose passwords have not been
compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our
current password databases.
We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very
seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.
--
June 6, 2012
Our security team continues to investigate this morning’s reports of stolen passwords. At this time, we’re still unable
to confirm that any security breach has occurred. You can stay informed of our progress by following us on Twitter @LinkedIn and @LinkedInNews.
While our investigation continues, we thought it would be a good idea to remind our members that one of the best ways to
protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter
or every few months) and to not use the same password on multiple sites. Use this as an opportunity to review all of
your account settings on LinkedIn and on other sites too. Remember, no matter what website you’re on, it’s important for
you to make sure that you protect your account security and privacy.
Here are some account security and privacy best practices that we recommend for our members:
Changing Your Password:
• Never change your password by following a link in an email that you did not request, since those links might be
compromised and redirect you to the wrong place.
• You can change your password from the LinkedIn Settings page.
• If you don’t remember your password, you can get password help by clicking on the Forgot password? link on the Sign in page.
• In order for passwords to be effective, you should aim to update your online account passwords every few months or at
least once a quarter.
Creating a Strong Password:
• Variety – Don’t use the same password on all the sites you visit.
• Don’t use a word from the dictionary.
• Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
• Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
• Complexity – Randomly add capital letters, punctuation or symbols.
• Substitute numbers for letters that look similar (for example, substitute “0 for “o” or “3 for “E”.
• Never give your password to others or write it down.
A few other account security and privacy best practices to keep in mind are:
• Sign out of your account after you use a publicly shared computer.
• Manage your account information and privacy settings from the Profile and Account sections of your Settings page.
• Keep your antivirus software up to date.
• Don’t put your email address, address or phone number in your profile’s Summary.
• Only connect to people you know and trust.
• Report any privacy issues to Customer Service.
ENDS