LinkedIn Confirms 6.5 million passwords encrypted


LinkedIn faced a bad day over 6.5 million hashed passwords.

If you’re a LinkedIn user, we recommend that you change your password immediately. If you used that password on any other online service, we recommend you change those passwords as well.

Update: LinkedIn has responded to the issue, updating its official Twitter account to state that it is “looking into reports.”

The passwords are hashed with the SHA-1 cryptographic hash function, which is also used in SSL and TLS and is generally considered relatively secure, but not foolproof. Unfortunately, it also seems that the passwords are stored as unsalted hashes, which makes it much easier to recover them using pre-computed rainbow tables.
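
To show why the missing salt matters, here is an added example (not code from LinkedIn or from the original article) that stores the same constructed accounts two ways: as bare SHA-1 and as a per-user salted PBKDF2 hash. A plain dictionary stands in for a rainbow table, and the account names, guess list and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per hardware

def sha1_unsalted(password):
    """Weak scheme described in the article: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def precompute(candidates):
    """Built once, this table applies to every unsalted SHA-1 store."""
    return {sha1_unsalted(p): p for p in candidates}

def store_salted(password, iterations=ITERATIONS):
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)

def compare_schemes():
    # Constructed sample accounts: two users share a password.
    accounts = {"alice": "linkedin123", "bob": "linkedin123", "carol": "S7#qv-long-unique"}
    table = precompute(["password", "123456", "linkedin123"])  # constructed guess list
    unsalted = {u: sha1_unsalted(p) for u, p in accounts.items()}
    salted = {u: store_salted(p) for u, p in accounts.items()}
    return {
        # Same password gives the same hash, so one lookup exposes every reuser.
        "unsalted_duplicates": unsalted["alice"] == unsalted["bob"],
        "unsalted_found_in_table": sorted(u for u, h in unsalted.items() if h in table),
        # Per-user salts make equal passwords hash differently; the table is useless.
        "salted_duplicates": salted["alice"][2] == salted["bob"][2],
        "salted_found_in_table": sorted(u for u, r in salted.items() if r[2].hex() in table),
        "login_ok": verify_salted("linkedin123", salted["alice"]),
        "login_bad": verify_salted("wrong-guess", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

With a salt, any precomputation has to be redone for each account, and the slow key-derivation function makes every individual guess expensive.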