It has been widely reported that 6.5 million password hashes have been posted on a Russian website under the request to help crack them.
LinkedIn is still investigating the report but confirmed that the hashes “correspond” to LinkedIn accounts.
LinkedIn has disabled numerous accounts and will be sending emails to accounts that have been closed. In an attempt to prevent phishing attacks, the emails will not have links. Instead they will have instructions on how to reset their accounts.
That said, phishing attacks are still expected. Be on the look out.
The threat to accounts is considered so great, LinkedIn is recommending that account passwords be changed ASAP. This is quite alarming, especially since many use the same password for various sites/networks.
This event reinforces the need to have separate passwords for EVERY site/network, and to change those passwords periodically.
If you have a LinkedIn account, change your password NOW! And if you use that password for other sites/networks, change those passwords too!
More info on this is sure to come.
OSG: Bits, Bytes and Packets 