Yesterday, LinkedIn reported that their website had been hacked, resulting in 6.46 million passwords being stolen. After investigating all morning, LinkedIn finally gave a statement via its blog: “We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation…” They will be contacting any users whose passwords were compromised.
If it wasn’t bad enough that their website had been openly hacked, the hacker, to prove his feat, posted a list of all 6,458,020 hashed passwords he stole onto a Russian forum, leaking to the world all of the information LinkedIn had kept private.
The reason this happened is that the passwords were protected with a weak technique, unsalted SHA-1 cryptographic hashes, which makes it easier to recover the original passwords using pre-computed rainbow tables (which can be used to reverse unsalted password hashes easily).
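The difference between the unsalted SHA-1 storage described above and a salted, deliberately slow hash, as an added example (not LinkedIn's code and not part of the original post). The account names, passwords and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample accounts (not breach data); two users share a password.
ACCOUNTS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "tr0ub4dor&3"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def unsalted_sha1(password: str) -> str:
    """The weak scheme: one fast SHA-1 pass with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash: returns (salt, derived_key) to store per user."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def distinct_digests(hashes) -> int:
    """Unique stored values; fewer than the account count exposes shared passwords."""
    return len(set(hashes))


def build_tables():
    """Store the same sample accounts under both schemes."""
    weak = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: hash_password(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted SHA-1 distinct:", distinct_digests(weak.values()))
    print("salted PBKDF2 distinct:", distinct_digests(k for _, k in strong.values()))
    print("alice verifies:", verify_password("sunshine1", *strong["alice"]))
```

With no salt, every account using the same password stores the same digest, so a single pre-computed table entry matches all of them; the per-user random salt removes that shortcut, and the iteration count makes each guess expensive.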
As a line of defense, other websites should keep standard security practices in mind: use firewalls and web application firewalls, run audits, keep software up to date, etc., to ensure all users’ data is protected at all times.
Changing Your Password:
Creating a Strong Password: