LinkedIn reaffirmed that the stolen passwords weren’t published with their corresponding email logins, and said that it addressed the risk to members by swiftly disabling the compromised passwords – with all of them disabled by the end of the day following the detection of the breach.
Members were then emailed instructions on how to reset their password.
The firm also clarified: “At this time, there have been no reports of compromised LinkedIn accounts as a result of this password theft.”
So it appears no damage was done as a result of the incident.
Furthermore, LinkedIn notes that it has now completed an apparently long planned upgrade of its password database system.
Previously passwords were hashed, but now they will be salted and hashed, which is effectively a double layer of protection (adding a string before hashing – which means simple or silly passwords won’t be nearly as easy to brute force and crack).
LinkedIn stated that now, the password of every member has been hashed and salted. This, and the fact that no accounts were actually breached, represents a solid recovery from a major hack.
Naturally, there’s also an investigation going on into who perpetrated the act, with a view to bringing the culprits to justice.