LinkedIn is now working with the FBI to determine who stole 6.4 million passwords.
LinkedIn is reportedly now working with the FBI to help in the investigation into the theft of 6.4 million member passwords that took place earlier this week. The company is still in the early stages of the investigation and currently does not know if any accounts have been taken over by hackers as a result of the security violations.
On Thursday LinkedIn gave a lengthy overview of what's happened so far, stating that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. As previously reported, most of the passwords discovered on the list remain hashed and hard to decode, but a small subset of the hashed passwords have been decoded and published.
"To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event," reports LinkedIn's Vicente Silveira.
Later on in the blog, he reports that LinkedIn is actively working with law enforcement which is currently investigating the theft. The production database for account passwords is also now "salted" as well as hashed, which provides an additional layer of security.
LinkedIn spokesman Hani Durzy confirmed with Reuters on Thursday that LinkedIn has not yet determined whether the email addresses that corresponded to the hacked passwords were also stolen. A spokeswoman with the FBI declined to comment.
"Going forward, as a precautionary measure, we are disabling the passwords of any other members that we believe could potentially be affected," Silveira said. "Those members are also being contacted by LinkedIn with instructions on how to reset their passwords."
Both eHarmony and Last.fm have also reported that their sites have been hacked and passwords stolen. The dating website said on Thursday that an investigation is ongoing, and that the company has not found any indication that other information was accessed, nor has it received any reports of unauthorized logins to member accounts.
"We quickly secured the small percentage of accounts affected by this incident by disabling their passwords," eHarmony said. "We sent an email to all affected members and provided them with specific instructions on how to change their password and tips on how to create a robust password. The email also included a direct phone number and live online chat access to our Customer Care team so we could personally address concerns and questions."
"We have also been working with law enforcement authorities in our investigation and have been in touch with one of the other companies affected as well," the company added.
Last.fm has not provided an updated report as of this writing.