A 6+ mil­lion pass­word list has been released to the wild which is strongly sus­pected to have orig­i­nated at LinkedIn.  The pass­words are not matched to any account names in this list, but it would be dan­ger­ous to assume some­one does not have them as well.  It is very impor­tant you change your pass­word at LinkedIn.  Since that account is asso­ci­ated with your email you will want to change that pass­word every­where you have used it.  LinkedIn is sus­pected as many of the pass­words in the list con­tained the a vari­a­tion of ‘linkedin’.

One part of this inci­dent that makes it inter­est­ing is that the pass­words were stored using a pro­tec­tion called hash­ing which con­verts the pass­word in a way which is sup­posed to be dif­fi­cult to reverse — but as of this writ­ing likely over 75% had been extracted.

To pro­tect you accounts you should:

• choose long com­pli­cated pass­words includ­ing cap­i­tal let­ters, num­ber, and punctuation
• avoid words
• not use the same pass­words for dif­fer­ent accounts

You can read the entire story at arstech­nica