LinkedIn is trying hard to stay transparent in light of the LinkedIn password leak this week, in which more than 6.4 million passwords from the site were leaked to a online hash-cracking forum. The social network for professional networking responded to the leak within hours, locking down accounts associated with the leaked passwords and sending out emails to the affected members explaining how to reactivate their accounts.
Today, Vicente Silveira, director at LinkedIn and point man for the company's announcements regarding the leak, has posted another update about the situation over on the LinkedIn blog. The post aggregates all of the information LinkedIn has on the issue, the steps it has taken in response, and more individual password security tips. In addition, Silveira revealed that LinkedIn does not believe any member accounts have been accessed by unauthorized parties. From the blog post:
To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.
Another new piece of information Silveira revealed is that, though LinkedIn disabled the accounts associated with the leaked passwords that had already been cracked, it will now begin disabling other accounts they believe may have been compromised by the leak. Those members will also receive an email instructing them on how to reset their passwords. As a reminder, those emails will not contain links of any sort, and users should ignore unsolicited email requests to change their password or verify their email.