I’m currently reading through a list of passwords containing a lot of occurrences of “linked”, “linkedin” and “link”. They come from a dump of 6.5 million password hashes posted online last night. If you’ve used your LinkedIn password on other sites, go change it on those sites now, and prepare to change it on LinkedIn after they figure out what happened and close the hole (if they were even hacked).
You can download the LinkedIn password dump here: [disk.yandex.net] I’m starting to doubt the legitimacy of the “dump” though.
More to come…
Doing a little research and it looks like the SHA-1 hash for my password does not appear in the dump. It may be possible that the hashes have been generated to look like they’re a LinkedIn dump.
Update 3: (sorry it’s out of order)
If the hash of your password does not appear in the dump, check if your hash with the first 5 characters changed to 00000 does…
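The check described above can be run locally against a downloaded copy of the dump. The following is an added example, not code from the original post; it assumes the dump is a text file with one unsalted 40-character hex SHA-1 hash per line, and the function names and sample passwords are constructed for illustration.

```python
import getpass
import hashlib
import io
import sys

MASK = "00000"  # the post: first 5 hex characters may be changed to 00000


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password as lowercase hex (assumed format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def candidate_forms(password: str) -> dict:
    """The two forms to look for: the full hash and the masked hash."""
    full = sha1_hex(password)
    return {"exact": full, "masked": MASK + full[len(MASK):]}


def check_dump(password: str, lines) -> list:
    """Stream the dump once and return which forms appear in it."""
    forms = candidate_forms(password)
    found = set()
    for line in lines:
        entry = line.strip().lower()
        if len(entry) != 40:
            continue  # skip blank or malformed lines
        found.update(kind for kind, value in forms.items() if entry == value)
        if len(found) == len(forms):
            break
    return sorted(found)


def build_sample_dump() -> io.StringIO:
    """Constructed sample, not real dump data: one full and one masked hash."""
    rows = [sha1_hex("constructed-sample-1"),
            candidate_forms("constructed-sample-2")["masked"],
            "", "not-a-hash"]
    return io.StringIO("\n".join(rows) + "\n")


if __name__ == "__main__":
    # Prompt instead of taking the password on argv, so it stays out of
    # shell history and process listings; the check runs entirely offline.
    secret = getpass.getpass("Password to check: ")
    with open(sys.argv[1], encoding="ascii", errors="replace") as dump:
        hits = check_dump(secret, dump)
    print("found as: " + ", ".join(hits) if hits else "not found")
```

Run it with the path to the dump file as the only argument; a result of "masked" means only the 00000-prefixed form of the hash is present.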
And here come the sensationalists. “More than 6.4 million LinkedIn passwords have leaked to the Web after an apparent hack. Though some login details are encrypted, users are advised to change their passwords immediately.” Doesn’t pay to fact check I guess. Sounds like they have no idea what they’re looking at in the thread it’s posted in either.
Another quick update. Yup, The Verge is reporting the LinkedIn hack as if it’s a fact as well.