BUSINESS NETWORKING SERVICE Linkedin has contacted users who it believes were compromised by the password leak last week, warning them to reset their login details several days after the hack.
Taking longer than expected to issue the caution and advice, Linkedin didn't send the email, which tells users to reset their password and create a new one, until Saturday - three days after the web site was aware that passwords were stolen.
The email read, "To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorised access to any member's account as a result of this event."
It continued, "While a small subset of the passwords was decoded and published, we do not believe yours was among them."
A member of The INQUIRER team was affected by the incident and wasn't informed via email that their profile had been compromised until Saturday, despite hearing of the security breach days before. This leads us to believe that Linkedin waited far too long to warn users, considering the high risk nature of the breach.
Linkedin confirmed the passwords hack last Thursday in a blog post after issuing a tweet the day before that said, "Our team is currently looking into reports of stolen passwords. Stay tuned for more."
The blog post acknowledged the attack and confirmed that at least some of the reported 6.5 million unsalted passwords that were stolen belonged to its members.
Last Friday, Linkedin revealed that it is working with law enforcement authorities to find out who was behind the passwords theft. µ
Sign up for INQbot – a weekly roundup of the best from the INQ