Earlier today, according to reports, several million LinkedIn passwords surfaced on a forum based in Russia. A file of about 6.5 million hashed passwords connected to LinkedIn accounts turned up online and a few hundred thousand of the passwords have already been cracked, reports said.
Hashed passwords are passwords that have been run through a one-way algorithm instead of being stored as plain text. It appears that the passwords were hashed using an algorithm known as SHA-1 and are unsalted (salting is the process of adding random bits to each password before it is hashed, to make the hashes harder to crack), making them relatively easy to crack.
For several hours after it was first reported, LinkedIn did not acknowledge that its security had been breached; then the social network’s Director, Vicente Silveira, confirmed that passwords had been stolen from the site.
According to PC World, the file of hashed passwords had no other user account data attached to it, but it became clear that many of the passwords were connected to LinkedIn because a number of the cracked entries contained the phrase “LinkedIn.” Many users still use passwords as simple as something like “EricLinkedIn” or “1234LinkedIn.”
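To show what the missing salt costs, here is an added example (not code from the article or from LinkedIn) that stores the same constructed accounts two ways: as unsalted SHA-1, and as a salted, deliberately slow hash. The choice of PBKDF2-HMAC-SHA256, the iteration count and the account names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def unsalted_sha1(password):
    """The weak scheme described above: one fast SHA-1 pass, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Salted, slow hash: PBKDF2-HMAC-SHA256 with a random per-user salt."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def duplicate_groups(stored):
    """Return groups of users whose stored value is byte-for-byte identical."""
    by_value = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]

# Constructed sample accounts (not real data).
USERS = {"alice": "1234LinkedIn", "bob": "1234LinkedIn", "carol": "t7#Vq!9zLw@2pX"}

def demo():
    weak = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    strong = {user: hash_password(pw) for user, pw in USERS.items()}
    return duplicate_groups(weak), duplicate_groups(strong)

if __name__ == "__main__":
    weak_dupes, strong_dupes = demo()
    print("unsalted SHA-1, users sharing a digest:", weak_dupes)
    print("salted PBKDF2, users sharing a digest:", strong_dupes)
```

Without a salt, every account using the same password stores the same digest, so one recovered password exposes all of them and precomputed tables apply to the whole file; with a per-user salt each record has to be attacked separately, and the iteration count makes each guess expensive.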
Such passwords are not only relatively easy to crack, they also make it easy to guess a user’s other passwords across the Internet, like “EricFacebook” or “EricChaseBank.”
If you aren’t already, please strengthen your password practices — go long, even a few dozen characters or more, with no dictionary words and a healthy mix of letters, numbers and symbols. There are plenty of apps to help you keep track of and encrypt all your passwords, too.
So, there you have it – no more excuses, folks.