We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. [1]
Are you exposed? Download the hashes and look; the unsalted hashes use SHA-1 encryption so you will need to run your password through an SHA-1 encryption to do the comparison.
What should you do? For starters, change your password. Even if you are not exposed (in this leak) it is clearly time to change your passwords; especially if you reuse passwords across sites.
NOTE: There are password collectors jumping on the linkedin publicity eg “http://www. leakedin. org/” – don’t put your passwords into these sites *Doh!*
[1] An Update on LinkedIn Member Passwords Compromised (2012-Jun-06) [blog.linkedin]
[2] Potential leak of 6.5+ million LinkedIn password hashes (2012-Jun-06) [SANS]
[3] Bad day for LinkedIn: 6.5 million hashed passwords reportedly leaked – change yours now (2012-Jun-06) [Next Web]
[4] LinkedIn confirms hack, over 60% of stolen passwords already cracked (2012-Jun-06) [nakedsecurity.sophos]