I changed mine anyway.

Wise move BDW, and either way, it won't do any harm.

It appears that the passwords are encrypted, so even if the hackers have them, they've yet to get to them.

The password are very weakly encrypted (no salt) and can be easily obtained if they are short or not sufficiently complex (a matter of seconds to decrypt a 5 character password, for instance). There are actually pointers in the file that around 1/2 may already have been decrypted.

I checked the file myself, and it did indeed contain my password, which was unique to LinkedIn. Many others have reported that their unique/randomly generated passwords are also in the file.

Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.

Anyone with a weak password, particularly one that is used elsewhere in association with their email address or name should change their passwords ASAP.

People that uses the same password anywhere will eventually get what they deserve, hacked.

I never use the same password on 2 different services and it's never just a word you could find in the dictionary either which is why I'm not worried if anyone ever gets one password, so what, now I have a problem with just one login.

Remembering unique passwords really isn't that hard except the ones you create when drunk and those can sometimes be a challenge to remember when (if) you're sober again ;)

LinkedIn have confirmed the hack over here: [blog.linkedin.com...]

Frankly, they should be a bit more upfront about the fact that they were not storing passwords in a manner anywhere approaching secure enough for a site with so much personal information on it (i.e. they should be using salt).

Let's face it, the average user could not function with the amount of passwords they need if they used complex passwords and changed them for each site, so the onus is on sites like linkedin to at least take sufficient steps to protect such people - even if their password management is the individual's own responsibility.

It's no surprise that there are passwords like "linkedin" in the list ;)

If someone puts a intricate password, forgets it or loses the account, they can restore the account using by phone verification or by using identity proof.

As one wag put it, "What are they going to do, go in and update your resume?"

As one wag put it, "What are they going to do, go in and update your resume?"

well..... if i knew every single place you worked, durations, what school you went to, and everything else in between about you. You'd be come pretty easy to clone.

Well, for starters one could start spamming all the people you're linked to. There are also paid ads there and other paid services that could be abused. If it's got a login, there is some way to abuse it.