LinkedIn Corp is working with the FBI as the social network for
job seekers and professionals investigates the theft of
6.4 million
member passwords, the company said on Thursday.
The company does not
know of any accounts that were taken over as a result of the security
violations, according to LinkedIn spokesman Hani Durzy.
A spokeswoman with the FBI declined to comment.
LinkedIn
is still in the early stages of the investigation. Durzy said it was
not yet determined whether the email addresses that corresponded to the
hacked passwords were also stolen.
On Wednesday, LinkedIn confirmed that millions of passwords were stolen.
The
company said on Thursday it would disable passwords that had been
compromised and force customers to reset them. The company sent affected
members emails explaining how to change their passwords.
Several
security experts said that LinkedIn's stolen passwords had not been
adequately secured and that the company did not employ best practices
utilized by the world's largest websites.
When asked to comment on
that criticism, Durzy said that LinkedIn had already boosted the
security of its database. "We place the highest value on the security of
our members' data," he said.
Online dating service eHarmony
warned on Wednesday that some of its user passwords had been breached
after security experts discovered scrambled files with passwords for
millions of online accounts.
The dating website's contents are
sensitive and could subject compromised members to embarrassment or even
extortion attempts, experts said.
The attack on LinkedIn did not
last long as the latest in a series of security breaches that could
affect sensitive consumer data.
On Thursday, Last.fm, which
recommends music to users based on the songs they already listen to,
also warned its website visitors to change their passwords after a leak
which may have resulted from a hacking attack.
"We're sorry for the inconvenience around changing your password," the London-based company wrote.
It
is unclear if the three attacks are all related. Web application
security expert Jeremiah Grossman said on Twitter that all three
companies used common Apache software for serving web pages to visitors,
though that doesn't mean that there is a new flaw in the program.
The
series of problems underscored the continuing issues with passwords,
which are best complex, different for each site and changed every few
months.
Major breaches often lead to scam emails and account
takeovers, which can be used to convince acquaintances of the target to
click on dangerous links that monitor online credit card or bank account
use.
LinkedIn caters to companies seeking employees and people
scouting for jobs. It has more than 161 million members worldwide and
makes money by selling marketing services and premium subscriptions.
Shares of LinkedIn closed up 1.1 percent at $94.13 on Thursday on the New York Stock Exchange.
Copyright Thomson Reuters 2012