Numerous security sites are abuzz about an estimated 6.5 million LinkedIn passwords that have allegedly been stolen. According to reports about 300,000 have been cracked and were posted in clear text on Russian forums.
Earlier today, LinkedIn confirmed in a blog post that some of the passwords did in-fact correspond to LinkedIn accounts. They also provided information on how they are handling the data breach:
Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
LinkedIn is continuing to investigate the breach, until then, the best bet is to immediately change your password. LinkedIn’s recommendations for strong passwords can be found here.