It seems that LinkedIn can't catch a break these days.
Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords.
LinkedIn has finally confirmed that some of the passwords that were leaked yesterday correspond to LinkedIn accounts, and has issued a list of steps that they are taking in order to ensure that that the leak doesn't result in hijacked accounts: 1.
News that an unknown individual leaked what appeared to be a batch of 6.5 million LinkedIn passwords on a Russian forum and asked for help in decrypting them spread like fire yesterday, and the users of the popular professional social network have been urged to change their passwords.
It has been a tough 24 hours for LinkedIn. First they were accused of storing users' potentially confidential private and business information on the company servers without their knowledge, and then it has been discovered that a batch of what are allegedly the LinkedIn passwords of some 6.5 million users was published on a Russian forum.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.