LinkedIn works with FBI on password theft

Thu Jun 7, 2012 7:36pm EDT

A banner announcing LinkedIn Inc.'s listing on the New York Stock Exchange hangs on the face of the building in New York, May 19, 2011.

Credit: Reuters/Mike Segar


(Reuters) - LinkedIn Corp is working with the FBI as the social network for job seekers and professionals investigates the theft of 6.4 million member passwords, the company said on Thursday.

The company does not know of any accounts that were taken over as a result of the security violations, according to LinkedIn spokesman Hani Durzy.

A spokeswoman with the FBI declined to comment.

LinkedIn is still in the early stages of the investigation. Durzy said it was not yet determined whether the email addresses that corresponded to the hacked passwords were also stolen.

On Wednesday, LinkedIn confirmed that millions of passwords were stolen.

The company said on Thursday it would disable passwords that had been compromised and force customers to reset them. The company sent affected members emails explaining how to change their passwords.

Several security experts said that LinkedIn's stolen passwords had not been adequately secured and that the company did not employ best practices utilized by the world's largest websites.

When asked to comment on that criticism, Durzy said that LinkedIn had already boosted the security of its database. "We place the highest value on the security of our members' data," he said.

Online dating service eHarmony warned on Wednesday that some of its user passwords had been breached after security experts discovered scrambled files with passwords for millions of online accounts.

The dating website's contents are sensitive and could subject compromised members to embarrassment or even extortion attempts, experts said.

The attack on LinkedIn did not remain for long the latest in a series of security breaches that could affect sensitive consumer data.

On Thursday, Last.fm, which recommends music to users based on the songs they already listen to, also warned its website visitors to change their passwords after a leak which may have resulted from a hacking attack.

"We're sorry for the inconvenience around changing your password," the London-based company wrote.

It is unclear if the three attacks are all related. Web application security expert Jeremiah Grossman said on Twitter that all three companies used common Apache software for serving web pages to visitors, though that doesn't mean that there is a new flaw in the program.

The series of problems underscored the continuing issues with passwords, which are best when they are complex, different for each site and changed every few months.

Major breaches often lead to scam emails and account takeovers, which can be used to convince acquaintances of the target to click on dangerous links that monitor online credit card or bank account use.

LinkedIn caters to companies seeking employees and people scouting for jobs. It has more than 161 million members worldwide and makes money by selling marketing services and premium subscriptions.

Shares of LinkedIn closed up 1.1 percent at $94.13 on Thursday on the New York Stock Exchange.

(Reporting by Jim Finkle in Boston and Joseph Menn in San Francisco; Writing by Jennifer Saba in New York and Joseph Menn in San Francisco; Editing by Matthew Lewis and Phil Berlowitz)

Comments (1)
Welcome to the world of reality, never did like LinkedIn, too intrusive!
Can you imagine the damage this will do to over 6 million profiles?
It is nothing but a glorified version of Facebook but with a business twist. Once you set up a profile it is very hard to remove it, trust me on this one!!!!!!
Banks and other financial institutions constantly monitor profiles for people seeking financial restructuring, a big NO NO for people who are in a financial DOODOO! STAY AWAY!!!!

Jun 08, 2012 11:39am EDT