![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
LinkedIn Passwords apparently stolen
I just sent this around at work, but it could probably use a signal-boost here as well:
http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
Summary: it appears that LinkedIn got hacked, and ~8 million passwords were stolen. (This is not confirmed, but seems to be the consensus in the security community.)
Now before anybody panics, that’s far from all of them: it’s a small subset of LinkedIn’s DB. And they were stolen in hashed form: LinkedIn wasn’t so incompetent as to store them in plaintext.
That said, their security was apparently weak, and the hashes are relatively weak and crackable: determined hackers are blowing through the easy ones quickly, and are making their way through the rest. And the 8 million that were posted may just be a subset of what was stolen.
So: if you have a LinkedIn account, change your password *now*. If you use the same password for other sites, it would be adviseable to change it there as well, since it isn't hard to go from a LinkedIn account and start making guesses about accounts elsewhere on the Internet.
http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
Summary: it appears that LinkedIn got hacked, and ~8 million passwords were stolen. (This is not confirmed, but seems to be the consensus in the security community.)
Now before anybody panics, that’s far from all of them: it’s a small subset of LinkedIn’s DB. And they were stolen in hashed form: LinkedIn wasn’t so incompetent as to store them in plaintext.
That said, their security was apparently weak, and the hashes are relatively weak and crackable: determined hackers are blowing through the easy ones quickly, and are making their way through the rest. And the 8 million that were posted may just be a subset of what was stolen.
So: if you have a LinkedIn account, change your password *now*. If you use the same password for other sites, it would be adviseable to change it there as well, since it isn't hard to go from a LinkedIn account and start making guesses about accounts elsewhere on the Internet.