News broke today that nearly 6.5 million LinkedIn passwords were stolen and distributed online. According to Mashable it was Russian hacker who claimed to have stolen nearly 6,458,020 encrypted LinkedIn passwords and posted them online (without usernames).
In a blog post the company announced that it was still investigating the situation. The blogpost goes on to say:
Here is what we are pursuing as far as next steps for the compromised accounts:
• Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
• These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
• These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases
LinkedIn has nearly 160 million users worldwide and around 15 million in India. If you are worried that your password was compromised, there is a solution available online.
As always LastPass recommends that users should change their password immediately if it was has been compromised. Users should also change their password if they are using the same LinkedIn password to log into to other online accounts.
So how does LastPass work? Don't worry it won't steal your password. Users can enter their LinkedIn password, and then LastPass computes its SHA-1 hash and sends the result to LastPass.com to search the list of 6.5 million leaked password hashes.
A hash is a mathematical function that is simple to perform in one direction, but very difficult to reverse. Meaning, the tool will convert your password into a series of characters in such a way that it will be very difficult to re-construct your original password.
LastPass will also not store your password.
Meanwhile eHarmony has also faced attacks from the same Russian hacker. The dating website said a “small fraction” of its users had been compromised. Ars Technica reports that said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.