LinkedIn Breach... Employee Comments

4 views
Skip to first unread message

Nathaniel Husted

unread,
Jun 7, 2012, 12:06:37 PM6/7/12
to isdpo...@googlegroups.com
Sadly this is not a blurb from someone directly related to the breach,
but it was a comment from a sysadmin on another team that showed up on
one of my lists. I thought you all might find it a little
enlightening.

"Hey all--not sure how much I can say, so I'll be conservative here (I
work for LinkedIn). I'm also not closely involved with what's stored
in our DBs, so won't speculate there, either.

I remember the incident referred to by Moose below. It was
essentially the first time we got hit by the Bad Guys & we were
obviously under-prepaired; thus, the reaction was more extreme than it
otherwise would have been. It brought to light some bad practices
that were corrected immediately :^) It also really put life into our
support for the security team, making the current response far more
surgical & open.

Although, again, my team isn't part of the data teams, we were
speculating about what could have happened, given the nature of the
list. We had a difficult time convincing ourselves it wasn't just
someone trolling--a twisted social engineering attempt (post simple
hashes for a bunch of common passwords, then sit back & wait for posts
to start showing up from people saying "mine's on the list!"--giving
you, at least for a short window, a password & rough idea of
username). Vicente's blog post notes that some of the hashes match
those of some of our users: it doesn't say that accounts were hacked
or that someone scraped a DB internally or really give any indication
of what happened at all yet, so I honestly still don't know myself
whether this is phishing or not.

What I do know is that I'm a sysadmin--nominally rational & cool under
pressure--so I'll take reasonable actions now to protect my user data
(like making sure I'm using a strong & unique password), I'll keep my
ear to the ground for new information, and I'll be cool :^)"

Cheers,
DrWhom
Reply all
Reply to author
Forward
0 new messages