LinkedIn Confirms Intrusion, Password Database Leaked
LinkedIn suffered a serious blow in terms of security. Hackers claim to have leaked over 6.5 million passwords from the networking site. LinkedIn protected user passwords with SHA-1 encryption but did not salt user passwords.
The company informed users that an investigation is underway; however, some users on Twitter are claiming they found their password’s hash in the text file (236578.txt). This may not be unexpected, but some of those users also claim to have fairly long, complex passwords. Finding hashes for such unique passwords in the file could act as confirmation that the password is compromised.
The massive dumps over the past three days came in postings to user forums dedicated to password cracking at insidepro.com. Because LinkedIn didn’t use salts, the job of cracking them is considerably faster.
We suggest you change your password as soon as possible, if you have an account on the site.