6.5 million LinkedIn password hashes have been posted to a Russian web forum. LinkedIn have tweeted that they are investigating, but haven't yet published any details.

To be clear, usernames have not been published and password hashes (encrypted passwords) are not usable until they have been cracked. Therefore, the scope of the breach is still unknown. Publishing the password hashes on the web means that hackers and anyone else can start cracking LinkedIn passwords without having to actually break in to the LinkedIn servers. The threat here is to users of the LinkedIn service who are ALL advised to change their passwords ASAP.

While we are writing about passwords, its worth noting that users should not reuse passwords for different websites/services. Creating a different password for every service you use will prevent attackers from automatically owning your bank account when they crack a seemingly unrelated password, like your LinkedIn password.

Further reading

• http://www.zdnet.com/blog/btl/646-million-linkedin-passwords-leaked-online/79290