clock menu more-arrow no yes

Filed under:

NYT: LinkedIn security breach could have been prevented with simple security measures

New, 20 comments

Last week's breach at LinkedIn resulted in the leak of 6.46 million user passwords, but with some basic security measures in place it could have been avoided, the New York Times reports.

Linkedin password sign in android
Linkedin password sign in android

Last week's breach at LinkedIn resulted in the leak of 6.46 million user passwords, but with some basic security measures in place it could have been avoided. The New York Times reports that "on a grading scale of A through F, experts say, LinkedIn, eHarmony and Lastfm.com would get, at best, a 'D' for password security" because the three sites — all of which were hacked last week — only took one step to secure user passwords. The article explains that an inexpensive way to securely store user data is to first hash the passwords, then to salt them, then to hash them again and store them on secure servers, but the three sites that were hacked last week only took the first step in this process. LinkedIn says that "prior to news" of the breach, the site began hashing and salting user passwords, but hopefully companies will take this step much sooner in the future.