Yesterday, a person on a Russian forum posted a file containing more than 6.5 million password hashes. He claimed that these passwords belong to LinkedIn and asked for help cracking the hashes.
A few hours later, LinkedIn confirmed that these passwords belong to LinkedIn and advised users to change their passwords. LinkedIn also said that it will send an email to every user whose password has been compromised.
If you do not want to wait for the email, or you are unsure whether your password is in the list, LastPass has released a secure tool to check whether your password was among those stolen.
The passwords were hashed with SHA-1, which is considered secure, but simple passwords can still be cracked.
How This Works:
This tool asks for the user's password and computes its SHA-1 hash. It then checks whether the computed SHA-1 value appears in the list of leaked password hashes. If the hash of your password matches any entry in the leaked list, your password is compromised.
If your password is compromised, change it as soon as possible. You must also change the passwords of any other accounts that use a similar password.
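The same check can be done locally so the password never leaves your machine. The sketch below is an added example, not LastPass's code; the file name, the sample data and the handling of entries whose first five hex digits are zeroed are assumptions not stated on this page.

```python
import getpass
import hashlib
import io
import sys

# Assumption (not stated on this page): some dump entries have their first
# five hex digits overwritten with zeros, so those are matched on the rest.
MASK = "00000"

def sha1_hex(password):
    """Hex SHA-1 of the UTF-8 password, the form compared against the list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def is_leaked(password, hash_lines, mask=MASK):
    """Return "exact", "masked" or None. Streams lines; nothing leaves the host."""
    digest = sha1_hex(password)
    masked = mask + digest[len(mask):]
    for line in hash_lines:
        entry = line.strip().lower()
        if len(entry) != 40:          # skip blanks and malformed lines
            continue
        if entry == digest:
            return "exact"
        if mask and entry == masked:
            return "masked"
    return None

def build_sample():
    """Constructed stand-in for the leaked file (not real leak data)."""
    rows = [sha1_hex("correct horse").upper(),      # full hash, upper case
            MASK + sha1_hex("password1")[5:],       # masked entry
            "not-a-hash", ""]
    return io.StringIO("\n".join(rows))

if __name__ == "__main__":
    # Usage: python check.py hashes.txt  (file path is hypothetical)
    source = open(sys.argv[1]) if len(sys.argv) > 1 else build_sample()
    with source:
        result = is_leaked(getpass.getpass("Password to check: "), source)
    print("compromised (%s match)" % result if result else "not in the list")
```

A "masked" result means only the last 35 hex digits matched, which is still strong evidence that the password is in the list.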