Mashable put out an article yesterday about the 6.46 million encrypted LinkedIn passwords leaked online.
The report says:
A Russian forum user claims he has hacked LinkedIn, uploading 6,458,020 encrypted passwords (without usernames) as proof.
The passwords are encrypted with the SHA-1 cryptographic hash function, used in SSL and TLS and generally considered to be relatively secure, but not foolproof. Unfortunately, it also seems that passwords are stored as unsalted hashes, which makes it much easier to decipher them using pre-computed rainbow tables.
A secure tool has been released by password management firm LastPass to see if your password was among those stolen.
To check if your password has been compromised, go to LastPass’ online tool and enter your LinkedIn account password. If a match is found in the database of the 6.46 million passwords stolen, you will get a message.
The above screenshot is what I got after I entered my password. Good thing mine was not among those leaked. Nonetheless, I changed my LinkedIn password. For those who have ‘bad’ passwords, better change them quickly. And while you’re at it, you might as well update accounts that use the same password.
Better safe than hacked.
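
Why the unsalted SHA-1 storage described in the report matters, and what a leak check amounts to, shown as an added example (this is not code from Mashable, LinkedIn or LastPass). The function names, the PBKDF2 settings and the sample passwords are assumptions constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def unsalted_sha1(password: str) -> str:
    """Storage scheme the report describes: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened form: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(password, salt)
    return hmac.compare_digest(digest, expected)


def in_leak(password: str, leaked_hashes: set[str]) -> bool:
    """Local check: hash the password and look it up; nothing leaves the machine."""
    return unsalted_sha1(password) in leaked_hashes


# Constructed sample data: two users who picked the same password.
alice_pw = bob_pw = "correct horse"
leak = {unsalted_sha1("correct horse"), unsalted_sha1("letmein")}  # constructed "dump"

if __name__ == "__main__":
    # Unsalted: identical passwords give identical hashes, so a single
    # precomputed table entry matches every account using that password.
    print(unsalted_sha1(alice_pw) == unsalted_sha1(bob_pw))
    # Salted: the same password yields a different stored record per user.
    a_salt, a_hash = salted_record(alice_pw)
    b_salt, b_hash = salted_record(bob_pw)
    print(a_hash != b_hash, verify(alice_pw, a_salt, a_hash))
    print(in_leak("correct horse", leak), in_leak("a long unique passphrase", leak))
```
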