http://cdn1.sbnation.com/community_logos/34086/verge-fv.png 2012-06-11T14:37:17Z http://www.theverge.com/rss/stream/2835748 2012-06-11T14:37:17Z 2012-06-11T14:37:17Z <img alt="Linkedin-password-android_1020_large" src="http://cdn1.sbnation.com/entry_photo_images/4316333/linkedin-password-android_1020_large.jpg" /> <p>Last week's breach at LinkedIn resulted in the leak of <a target="_blank" href="http://www.theverge.com/2012/6/6/3067523/linkedin-password-leak-online/in/2835748">6.46 million user passwords</a>, but with some basic security measures in place it could have been avoided. <a href="http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html?_r=3&amp;ref=technology" target="_blank">The <i>New York Times </i>reports</a> that "on a grading scale of A through F, experts say, LinkedIn, <a href="http://www.theverge.com/2012/6/6/3069455/eharmony-hacked-member-passwords-compromised" target="_blank">eHarmony</a> and <a href="http://www.theverge.com/2012/6/7/3070639/last-fm-password-leak" target="_blank">Lastfm.com</a> would get, at best, a 'D' for password security" because the three sites &mdash; all of which were hacked last week &mdash; only took one step to secure user passwords. The article explains that an inexpensive way to securely store user data is to first hash the passwords, then to salt them, then to hash them again and store them on secure servers, but the three sites that were hacked last week only took the first step in this process. LinkedIn says that "prior to news" of...</p> <p> <a href="http://www.theverge.com/2012/6/11/3077880/linkedin-security-breach-prevented-security">Continue reading&hellip;</a> </p> http://www.theverge.com/2012/6/11/3077880/linkedin-security-breach-prevented-security Kimber Streams 2012-06-07T23:46:38Z 2012-06-07T23:46:38Z <img alt="Linkedin-password-login-android_1020_large" src="http://cdn1.sbnation.com/entry_photo_images/4288157/linkedin-password-login-android_1020_large.jpg" /> <p>LinkedIn has yet to receive any reports of unauthorized account access after 6.5 million user <a href="http://www.theverge.com/2012/6/6/3068652/linkedin-member-passwords-stolen">passwords were posted online by hackers</a>, the company said in a blog post today. Although the perpetrators managed to crack and reveal a "small set" of hashed passwords, LinkedIn hasn't seen any evidence indicating that the email addresses tied to those credentials have also been shared.</p> <p>"To the best of our knowledge, no email logins associated with the passwords have been published" says Director Vicente Silveira. He adds that the professional networking site is now working with law enforcement to investigate the breach, a process we imagine has only intensified thanks to <a href="http://www.theverge.com/2012/6/6/3069455/eharmony-hacked-member-passwords-compromised">similar attacks</a> carried out on <a href="http://www.theverge.com/2012/6/7/3070639/last-fm-password-leak">other popular web destinations</a> in the days...</p> <p> <a href="http://www.theverge.com/2012/6/7/3071502/linkedin-hack-no-emails-published-law-enforcement">Continue reading&hellip;</a> </p> http://www.theverge.com/2012/6/7/3071502/linkedin-hack-no-emails-published-law-enforcement Chris Welch 2012-06-06T19:54:35Z 2012-06-06T19:54:35Z <img alt="Linkedin-password-android_1020_large" src="http://cdn0.sbnation.com/entry_photo_images/4273927/linkedin-password-android_1020_large.jpg" /> <p>Reports started swirling this morning that more than six million users had their <a href="http://www.theverge.com/2012/6/6/3067523/linkedin-password-leak-online">account passwords stolen</a>, and now the company has confirmed the security breach with a post on its blog &mdash; though the company hasn't yet confirmed how many accounts were compromised.</p> <p>Affected users will receive an email from LinkedIn with instructions on how to reset their password. This doesn't appear to be the standard password reset procedure, either &mdash; any affected user will automatically be locked out of their account, and the password reset email being sent by LinkedIn won't contain any links to the site. LinkedIn will also be sending affected members a second email from their customer service department detailing the circumstances behind the breach....</p> <p> <a href="http://www.theverge.com/2012/6/6/3068652/linkedin-member-passwords-stolen">Continue reading&hellip;</a> </p> http://www.theverge.com/2012/6/6/3068652/linkedin-member-passwords-stolen Nathan Ingraham 2012-06-06T12:32:40Z 2012-06-06T12:32:40Z <img alt="As2011-12-06_12-05-54_1020_large" src="http://cdn0.sbnation.com/entry_photo_images/4267077/AS2011-12-06_12-05-54_1020_large.jpg" /> <h3>UPDATE: LinkedIn confirms hacking. <a href="http://www.theverge.com/2012/6/6/3068652/linkedin-member-passwords-stolen">Read more here.</a> </h3> <p>A user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details. The user uploaded 6,458,020 hashed passwords, but no usernames. It's not clear if they managed to download the usernames, but it's likely that both have been downloaded.There is a possibility that this could be a hoax, but several people have <a target="_blank" href="https://twitter.com/cryptoron/status/210343238693945345">said on Twitter that they found their real LinkedIn passwords as hashes</a> on the list. Many of the hashes include "linkedin," which seems to add credence to the claims.</p> <p>We spoke with <a href="https://twitter.com/#!/mikko" target="_blank">Mikko Hypponen</a>, Chief Research Officer at <a href="http://www.f-secure.com/en/web/home_gb/home" target="_blank">F-Secure</a>, who thinks this is "a real collection." He told us he is "guessing it's some sort of exploit on their web...</p> <p> <a href="http://www.theverge.com/2012/6/6/3067523/linkedin-password-leak-online">Continue reading&hellip;</a> </p> http://www.theverge.com/2012/6/6/3067523/linkedin-password-leak-online Aaron Souppouris