By now, many of you have read recent headlines reporting that 6.5 million LinkedIn hashed passwords were stolen and published on an unauthorized website. We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime. As you may have heard, there have been reports of other websites that have suffered similar thefts. We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation. In this post, we want to address questions we’ve been receiving and share what we’ve learned so far about the incident, how we’ve responded, and what we’re doing to protect our members going forward.
First, it’s important to know that compromised passwords were not published with corresponding email logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves.