In a blog LinkedIn has give latest updates on the passwords that were leaked yesterday. The post says:
Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.
To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.
According to the blogpost, the accounts for which passwords had been decoded were locked down, and users were sent an email asking to change their passwords. LinkedIn has also disabled the passwords of any other members that were suspected to be at risk. They too will receive a special email on how to reset their passwords.
The blogpost also mentions that the company is working closely with the FBI on the case.
LinkedIn’s blogpost is busy warning users about security measures regarding passwords. The basics remain pretty much the same, change your password every six months, don’t use the same password for different sites, add special characters, numbers to it etc…
It seems after the attack the company has also doubled up security on how its storing user passwords. LinkedIn’s blog assures users that their passwords have been ‘salted’ as well as hashed. Hashed is a common form of storing passwords for web applications. But salting makes it doubly harder for hackers to crack into a database. For more on salting click here.