Update: LinkedIn reported on its blog yesterday that "To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member's account as a result of this event." The company also detailed the steps it is taking to protect members.
Reports began to surface earlier today that 6.5 million passwords that appear to be from popular social-networking site LinkedIn had shown up online, in an encrypted form, —apparently posted by a hacker who was asking for help in deciphering them. An additional 1.5 million of these encrypted "hashes" appear to be passwords for dating site eHarmony, according to Ars Technica.
LinkedIn confirmed on its blog that "some of the passwords that were compromised correspond to LinkedIn accounts" and that it is continuing to investigate. For those whose accounts were connected with the leaked passwords, the company detailed the steps it is taking:
1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in these emails. For security reasons, you should never change your password on any website by following a link in an email.
3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
To be safe, if you have an account with LinkedIn or eHarmony, we advise you to change your site passwords as soon as possible. Check out our advice on How to create a strong password (and remember it). And take a look at our Online Security Guide for more advice on staying safe on the Web.