On Thursday afternoon this week, LinkedIn head Vicente Silveira updated the world on the company's findings regarding the hack attempt on its site earlier in the week. According to the report, 6.5 million hashed LinkedIn passwords were shared, but not one single account was actually compromised. The hack attempt ended up spilling millions of passwords, but none were successfully tied to a user account. Regardless, LinkedIn is taking measures to ensure that this event is cleaned up and that the passwords that were revealed are dealt with accordingly.
This update includes scrubbing the passwords that did end up getting decoded (aka unhashed, if you will). This means that if yours was one of the passwords revealed in this hack, you’ll soon have to change it even if you do not feel you need to. All of the revealed passwords have been invalidated – or will be soon – and everyone else in the LinkedIn universe is being asked to update their password one way or another.
In addition, Silveira offered the following slightly more specific details on how the hack came to be:
“Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.
To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.” – Silveira
So no real worries here, folks, but it’s important to stay safe anyway. Stay close to your passwords and your accounts, and if you’re really looking to stay secure, follow the advice of Chris Davies in his column: Last.fm and LinkedIn clinch it: My scorched-earth policy.