We didn’t see this one coming. About 6.5 million LinkedIn passwords have been leaked, and almost 60% of them have been cracked already. The passwords apparently weren’t salted, which made it pretty easy for the hackers to crack them. The company remained skeptical initially, but it finally came out in the open about the issue via its Twitter page. It is unfortunate that the passwords had to be given away this easily, as salted passwords would have taken a while to crack. “Salting” is the process of adding an extra string to a password before it is hashed, so that the stored value is tougher to crack and less prone to attacks like these.
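To make the difference concrete, here is an added example (not code from LinkedIn or from the original post) that audits the same constructed accounts stored two ways: as plain unsalted digests, and with a per-user random salt. The account names, the word list, the use of SHA-256 and PBKDF2, and the iteration count are all assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Constructed sample data: not real accounts and not values from the leak.
USERS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "T4ngerine-Boat"}
COMMON = ["password", "123456", "linkedin123", "letmein"]
ITERATIONS = 100_000  # illustrative work factor, an assumption of this example

def unsalted(password):
    """Plain digest: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt=None):
    """Per-user random salt plus a slow key-derivation function (PBKDF2)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(salted(password, salt)[1], digest)

def table_hits(stored, words):
    """Accounts exposed by one precomputed table of common-password digests."""
    table = {unsalted(w): w for w in words}
    return {user: table[h] for user, h in stored.items() if h in table}

def audit():
    """Compare what each storage scheme reveals about the same accounts."""
    weak = {u: unsalted(p) for u, p in USERS.items()}
    strong = {u: salted(p) for u, p in USERS.items()}
    strong_hex = {u: d.hex() for u, (_, d) in strong.items()}
    return {
        "weak_duplicates": weak["alice"] == weak["bob"],
        "weak_exposed": sorted(table_hits(weak, COMMON)),
        "strong_duplicates": strong_hex["alice"] == strong_hex["bob"],
        "strong_exposed": sorted(table_hits(strong_hex, COMMON)),
        "login_ok": verify("linkedin123", *strong["alice"]),
        "login_bad": verify("wrong-guess", *strong["alice"]),
    }

if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

With unsalted storage, two users who chose the same password share one stored value and a single precomputed table exposes both; with per-user salts the stored values differ and the same table matches nothing, while normal logins still verify.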
LinkedIn has acknowledged that the attack is real, has locked down the accounts that were struck by the hackers, and will be salting all passwords henceforth. It is advised that users change the password of their LinkedIn accounts immediately, as well as that of any other accounts using the same email address and password. It is a pity that LinkedIn had to learn the effects of insecure password storage the hard way. But better late than never, right?
LinkedIn has published a detailed post about the new revelation on its blog.