A list of more than 6 million passwords has been released into the wild, and it is strongly suspected to have originated at LinkedIn. The passwords are not matched to any account names in this list, but it would be dangerous to assume no one has those as well. It is very important that you change your password at LinkedIn. Since that account is associated with your email, you will want to change that password everywhere you have used it. LinkedIn is suspected because many of the passwords in the list contained a variation of ‘linkedin’.
One interesting part of this incident is that the passwords were stored using a protection called hashing, which converts the password in a way that is supposed to be difficult to reverse, but as of this writing likely over 75% had been extracted.
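To show why hashing alone may not protect stored passwords, here is an added example (not from the original article) contrasting a fast, unsalted hash with a salted, deliberately slow one. The article does not say which hash function or settings were involved; SHA-256, PBKDF2, the iteration count, and the account names and passwords below are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users picked the same password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "v9#Tq!rw2LxP"}
ITERATIONS = 200_000  # assumed work factor for this example


def fast_unsalted(password):
    """Weak storage: one pass of a fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_salted(password, salt)[1], expected)


def shared_entries(stored):
    """Number of accounts whose stored value is identical to another account's."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables(accounts=ACCOUNTS):
    weak = {user: fast_unsalted(pw) for user, pw in accounts.items()}
    strong = {user: slow_salted(pw) for user, pw in accounts.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    # Unsalted: one guess of a common password matches every account using it.
    print("unsalted entries shared between accounts:", shared_entries(weak))
    # Salted: the same password yields unrelated records, so each account
    # has to be guessed separately, and each guess costs ITERATIONS hashes.
    print("salted entries shared between accounts:", shared_entries(strong))
    salt, digest = strong["alice"]
    print("correct password verifies:", verify("linkedin2012", salt, digest))
```
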
To protect your accounts you should:
- choose long, complicated passwords including capital letters, numbers, and punctuation
- avoid words
- not use the same passwords for different accounts
You can read the entire story at Ars Technica.