LinkedIn, on their blog, updated that passwords were leaked yesterday. The post says:
Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.
To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.
The blogpost also mentions that the company is working closely with the FBI on the case.
LinkedIn’s blogpost is busy warning users about security measures regarding passwords. The basics remain pretty much the same, change your password every six months, don’t use the same password for different sites, add special characters, numbers to it etc…
It seems after the attack the company has also doubled up security on how its storing user passwords. LinkedIn’s blog assures users that their passwords have been ‘salted’ as well as hashed. Hashed is a common form of storing passwords for web applications. But salting makes it doubly harder for hackers to crack into a database. For more on salting click here.