Beaches Not Breaches

LinkedIn: Ugh Okay Fine, Your Passwords Were Leaked

Admitting you're wrong is the first step to stock recovery.
 LinkedIn: Ugh Okay Fine, Your Passwords Were Leaked

coughSorry!cough (flickr.com/joi)

After denying it for hours, professional social network LinkedIn has finally copped to the news we reported earlier today: yes, your password may have been leaked.

The company took to its blog a few moments ago with a post entitled “An Update on LinkedIn Member Passwords Compromised:”

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts….It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

The company has reset all of the passwords for those users who were affected, and will dispatch an email with instructions on how to get back into your account.

It’s unclear whether LinkedIn passwords were hashed and salted prior to this breach, but the blog post sure makes it seem like, as one Verge commenter put it, “It took a breach of 6.5 million passwords for them to salt their database. That is worrying.”

Meanwhile, you can check if your password was breached by using LeakedIn. As Betabeat mascot Steve Spillman noted, “If your password was ‘ilovemywife’ then ya burnt, someone is taking over your linkedin identity right now.”

Follow Jessica Roy on Twitter or via RSS. jroy@observer.com