SECURITY: LinkedIn Passwords Compromised

A 6+ mil­lion pass­word list has been released to the wild which is strongly sus­pected to have orig­i­nated at LinkedIn.  The pass­words are not matched to any account names in this list, but it would be dan­gerous to assume someone does not have them as well.  It is very impor­tant you change your pass­word at LinkedIn.  Since that account is asso­ci­ated with your email you will want to change that pass­word every­where you have used it.  LinkedIn is sus­pected as many of the pass­words in the list con­tained the a vari­a­tion of ‘linkedin’.

One part of this inci­dent that makes it inter­esting is that the pass­words were stored using a pro­tec­tion called hashing which con­verts the pass­word in a way which is sup­posed to be dif­fi­cult to reverse — but as of this writing likely over 75% had been extracted.

To pro­tect you accounts you should:

  • choose long com­pli­cated pass­words including cap­ital let­ters, number, and punctuation
  • avoid words
  • not use the same pass­words for dif­ferent accounts

You can read the entire story at arstech­nica

author: