“Since the breach, we have redoubled our efforts to ensure the safety of member account on LinkedIn by further improving password strengthening measures and enhancing the security of our infrastructure and data. The health of our network as measured by number of growth and engagement remains as strong as it was prior to the incident.”
After the leak was discovered, LinkedIn reset the passwords of accounts that they believed were frozen.The stolen passwords were camouflaged using an outdated cryptographic hash function, SHA-1, created by the National Security Agency. In addition to this weakness, LinkedIn failed to add additional security layers, such as salting the passwords, a technique which randomly appends a string of characters.
Following the attack, LinkedIn confirmed in a blog post the addition of new security layers, including the salting of passwords.
