More than 6.4 million users' passwords were leaked today on a Russian web forum by hackers. It is important to note that the passwords are not in plain text but hashed; however, according to the forum, hackers are being invited to help crack them. It is therefore surely only a matter of time before these passwords are recovered. For further information on the hashing, see the technical section.
LinkedIn have yet to make an official statement, but have tweeted that they are investigating and are unable to say whether a security breach occurred. The official recommendation is to change your LinkedIn password, and your password on any other site where you use the same one. This is particularly important if your password is a simple dictionary word.
From a technical point of view, it would appear that the passwords were hashed using the SHA1 algorithm. Although this is a relatively secure algorithm, it is by no means foolproof. The worrying thing is that the hashes were not salted, meaning that if your password is a very simple dictionary word it will take only a matter of seconds to crack.
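To make the salting point concrete, the following added example (not code from LinkedIn or from this article) stores the same constructed accounts twice: once as bare SHA1, as described above, and once with a random per-user salt and a slow key-derivation function. PBKDF2-HMAC-SHA256, the iteration count, the account names and the word list are all assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this demo, not a value from the article

def sha1_unsalted(password: str) -> str:
    """The scheme the article describes: bare SHA1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def pbkdf2_salted(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(pbkdf2_salted(password, salt)[1], expected)

def precomputed_matches(stored: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Hash each word once, then look up every stored value in that one table."""
    table = {sha1_unsalted(word): word for word in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}

# Constructed sample data: three made-up accounts and a three-word dictionary.
ACCOUNTS = {"alice": "password", "bob": "password", "carol": "T7#vq-unlisted-phrase"}
WORDLIST = ["123456", "password", "linkedin"]

UNSALTED = {user: sha1_unsalted(pw) for user, pw in ACCOUNTS.items()}
SALTED = {user: pbkdf2_salted(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    # Unsalted: identical passwords give identical hashes, and one table covers all users.
    print("alice == bob (unsalted):", UNSALTED["alice"] == UNSALTED["bob"])
    print("found by one shared table:", precomputed_matches(UNSALTED, WORDLIST))
    # Salted: the same password is stored differently for each user.
    print("alice == bob (salted):", SALTED["alice"][1] == SALTED["bob"][1])
    salted_hex = {user: digest.hex() for user, (_, digest) in SALTED.items()}
    print("found by the same table:", precomputed_matches(salted_hex, WORDLIST))
    print("login still works:", verify_salted("password", *SALTED["alice"]))
```

With salts, a table built once no longer applies to every account; each guess has to be recomputed per user, and the iteration count makes each recomputation slow.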
This article will be updated as more information is released.