Reports went out this Wednesday that 6.5 million LinkedIn password hashes, belonging to some of its users, had been leaked. Users are concerned and apprehensive about whether they are among the victims.
This massive exposure of passwords is a consequence of LinkedIn using unsalted hashes. Salting is a process that involves adding random characters to each password before it is hashed, which makes a brute-force attack more difficult.
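To make the difference concrete, the following added example (not code from LinkedIn or from the original article) stores the same passwords first as unsalted hashes and then with a per-user random salt and a slow key-derivation function. The choice of SHA-1 for the weak form, PBKDF2 for the hardened form, the function names and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from the leak).
ACCOUNTS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "S3parate!"}

def unsalted(password):
    """Weak form: bare SHA-1 of the password (hash choice is an assumption)."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, iterations=100_000):
    """Hardened form: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_digests(digests):
    """Count accounts whose stored digest is identical to another account's."""
    counts = Counter(digests)
    return sum(n for n in counts.values() if n > 1)

def demo():
    weak = [unsalted(p) for p in ACCOUNTS.values()]
    strong = {user: salted_record(p) for user, p in ACCOUNTS.items()}
    strong_digests = [record[2] for record in strong.values()]
    return shared_digests(weak), shared_digests(strong_digests), strong

if __name__ == "__main__":
    weak_shared, strong_shared, _ = demo()
    # Unsalted: equal passwords give equal digests, so one guess exposes them all.
    print("unsalted: accounts sharing a digest =", weak_shared)
    # Salted: every record is unique, so each account must be attacked separately.
    print("salted:   accounts sharing a digest =", strong_shared)
```

Without a salt, every account that chose the same password is exposed by a single successful guess; with a per-user salt the attacker has to repeat the work for each record.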
LinkedIn has responded to these fears on its official blog, describing customer security as its primary concern and stating that all users whose passwords have been compromised will soon receive an email asking them to reset their password. These emails will not contain direct links for the password reset, but will instead describe a multi-step process to verify the user. LinkedIn also states that it will now work on ‘salting’ its password hashes. This enormous breach has caused extreme disappointment among users.
A New York-based web developer has released a web app, ‘LeakedIn’, that allows users to check whether their LinkedIn password has been compromised.