It took a little longer than I’d have liked, but LinkedIn has released a statement about its accounts having been compromised. As you read yesterday, the hacking of Gawker’s user database led to exposures on other social media platforms including LinkedIn and Twitter. To LinkedIn’s credit, the delay in the public statement was likely because the company spent the early hours after discovering the problem interacting with its users directly – which is as it should be.
The company says on its blog: “As we closely monitored the situation, we decided it was imperative to take preemptive action to help ensure that those leaked passwords were not being used to attack any LinkedIn members.”
LinkedIn goes on to explain that there was only “a very small fraction of our members whose accounts could potentially be affected by the recent breach.” Further, LinkedIn sent multiple emails to users who have several email addresses on file, even though only one of the email messages needs to be addressed.
And, for those who were not affected, LinkedIn suggests “proactively manag[ing] your online accounts. The number one tip is to use a unique password for each site.” It’s always important to maintain identity management discipline, especially in an environment where new platforms are inviting new malware threats. For more advice from LinkedIn, there is an earlier blog post you can read.
It looks like the aftermath is starting to die down, but the enduring lesson appears to be that the proverbial knee bone may not have to be connected to the neck bone in order for exposures to be transmitted.