LinkedIn has verified that almost 6 million of their user account passwords have been compromised as of June 6, 2012.
A file containing nearly 6 million unsalted SHA-1 password hashes was posted on the internet, and hackers began to successfully crack the passwords almost immediately.
A class action lawsuit has been filed with the U.S. District Court in Northern California against LinkedIn for “failing to properly safeguard its users” digitally stored personally identifiable information. Had the password hashes been “salted”, cracking them would have been much more complicated and time-consuming, because each hash would have to be attacked separately instead of testing every guess against the whole file at once.
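Why the missing salt matters, as an added example (not code from LinkedIn or from this article): three constructed accounts are stored once as bare SHA-1 and once with a per-user salt, and the two stores are checked for what a single precomputed table can match. The account names, passwords, the use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for illustration; the article only says the hashes were later salted.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not breach data); two users share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "Tr0ub4dor&3", "carol": "linkedin2012"}

def unsalted_sha1(password):
    """The storage scheme described above: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow KDF (PBKDF2 is an assumed choice)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_hashes(stored):
    """Number of stored values that appear on more than one account."""
    counts = Counter(stored.values())
    return sum(1 for n in counts.values() if n > 1)

def precomputed_hits(stored, wordlist):
    """Accounts matched by one table of hashes computed once for the whole file."""
    table = {unsalted_sha1(word) for word in wordlist}
    return sorted(user for user, value in stored.items() if value in table)

unsalted = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS.items()}
salted = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
salted_digests = {user: rec[2].hex() for user, rec in salted.items()}

if __name__ == "__main__":
    guess = ["linkedin2012"]
    print("unsalted, accounts sharing a hash:", shared_hashes(unsalted))
    print("salted, accounts sharing a hash:  ", shared_hashes(salted_digests))
    print("one table against unsalted file:  ", precomputed_hits(unsalted, guess))
    print("one table against salted file:    ", precomputed_hits(salted_digests, guess))
    print("legitimate login still verifies:  ", verify("linkedin2012", salted["alice"]))
```

In the unsalted store one guess exposes every account that uses that password; in the salted store the same guess has to be recomputed per account with that account's salt.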
In response, LinkedIn has salted their password hash file and disabled all of the known affected passwords. These users have been contacted via email with instructions on changing their passwords. The notification email from LinkedIn does not include any links to their site. If you receive an email instructing you to click a link to reset your password, do not respond to it. To change your password, you should go directly to the site in question. CompuType IT Solutions recommends this for all emails that you may receive regarding password changes.
As a general precaution, CompuType recommends that you use secure passwords, using a combination of characters, numbers and upper and lower-case letters. Your passwords should be a minimum of eight characters long. You should not use the same password on multiple sites or accounts. To be safe, we also recommend that you change your LinkedIn password at this time.
CompuType encourages you to share this information with anyone you know who may be affected.