* LinkedIn does not know of any accounts that were taken
* Not able to determine if email addresses were also stolen
By Jim Finkle and and Joseph Menn
June 7 LinkedIn Corp is working with
the FBI as the social network for job seekers and professionals
investigates the theft of 6.4 million member passwords, the
company said on Thursday.
The company does not know of any accounts that were taken
over as a result of the security violations, according to
LinkedIn spokesman Hani Durzy.
A spokeswoman with the FBI declined to comment.
LinkedIn is still in the early stages of the investigation.
Durzy said it was not yet determined whether the email addresses
that corresponded to the hacked passwords were also stolen.
On Wednesday, LinkedIn confirmed that millions of passwords
The company said on Thursday it would disable passwords that
had been compromised and force customers to reset them. The
company sent affected members emails explaining how to change
Several security experts said that LinkedIn's stolen
passwords had not been adequately secured and that the company
did not employ best practices utilized by the world's largest
When asked to comment on that criticism, Durzy said that
LinkedIn had already boosted the security of its database. "We
place the highest value on the security of our members' data,"
Online dating service eHarmony warned on Wednesday that some
of its user passwords had been breached after security experts
discovered scrambled files with passwords for millions of online
The dating website's contents are sensitive and could
subject compromised members to embarrassment or even extortion
attempts, experts said.
The attack on LinkedIn did not last long as the latest in a
series of security breaches that could affect sensitive consumer
On Thursday, Last.fm, which recommends music to users based
on the songs they already listen to, also warned its website
visitors to change their passwords after a leak which may have
resulted from a hacking attack.
"We're sorry for the inconvenience around changing your
password," the London-based company wrote.
It is unclear if the three attacks are all related. Web
application security expert Jeremiah Grossman said on Twitter
that all three companies used common Apache software for serving
web pages to visitors, though that doesn't mean that there is a
new flaw in the program.
The series of problems underscored the continuing issues
with passwords, which are best complex, different for each site
and changed every few months.
Major breaches often lead to scam emails and account
takeovers, which can be used to convince acquaintances of the
target to click on dangerous links that monitor online credit
card or bank account use.
LinkedIn caters to companies seeking employees and people
scouting for jobs. It has more than 161 million members
worldwide and makes money by selling marketing services and
Shares of LinkedIn closed up 1.1 percent at $94.13 on
Thursday on the New York Stock Exchange.