This morning it was reported that over 6.4 million LinkedIn passwords had been leaked onto the internet as hashes and were in the process of being cracked by hackers. Now, LinkedIn has confirmed that the leaked hashes did indeed include LinkedIn passwords. Vicente Silveira, director at LinkedIn, made the announcement and outlined LinkedIn’s remedy for the situation in a post over at the LinkedIn Blog. From the post:
“We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.”
Silveira stated that LinkedIn members whose passwords have been compromised have had those passwords invalidated and will not be able to access their accounts until they reset them. Those members will receive two emails from LinkedIn. The first will outline the steps members must take to reset their passwords, but will not contain any links. This is in keeping with the password advice Silveira posted earlier today, which stated that members should never change their password from an email link. The second email will be from LinkedIn customer service, and will explain the situation to members who are unaware of the password leak.
“We sincerely apologize for the inconvenience this has caused our members,” said Silveira. “We take the security of our members very seriously.”
This was a fairly quick and decisive response from LinkedIn. The most important piece of advice for users at this point is to change their password on any other service where they used the same password as on LinkedIn. Of course, questions still remain about how the passwords were obtained from LinkedIn in the first place.