LinkedIn Passwords Hacked

You might want to change your LinkedIn password.

Russian hackers released a giant list of passwords this week, and on Wednesday security researchers identified their likely source: business social networking site LinkedIn, according to a report by WCVB-TV.

LinkedIn confirmed in a blog post late Wednesday afternoon that some of the stolen passwords correspond to LinkedIn accounts.

The company did not offer any information about how the passwords were stolen or the extent of the damage, but it said it is "continuing to investigate" the matter.

The 6.5 million leaked passwords were posted Monday on a Russian online forum, camouflaged with a common cryptographic code called SHA-1 hash. It's a format that's considered weak if added precautions aren't taken. Roughly half of the "hashed" passwords have already been decoded and posted online in human-readable text.

Several security researchers tweeted Wednesday that they have found their passwords among those that were revealed. Web security firm Sophos said it matched many of its researchers' own passwords that are used exclusively on LinkedIn.

Countless passwords on the list contain the word "linkedin." On a popular hacker forum, many reported finding passwords such as "linkedout," "recruiter," "googlerecruiter," "toprecruiter," "superrecruiter," "humanresources" and "hiring."

The good news is that so far, no user names have been discovered in the list. It's highly recommended that you change your password, but after that you should be OK.