Confirmed! 6.5 Million LinkedIn Passwords Compromised

LinkedIn updated today that the reports about some LinkedIn users passwords are indeed, in compromised!

In their latest blog post, LinkedIn Director, Vicente Silveira, expressed that the reports about the stolen passwords being associated with LinkedIn accounts were true and they're currently taking the necessary steps to prevent possible identity theft or any inconvenience it may cause.

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

1. Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
2. These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
3. These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.

Three Forms of Your Facebook Password

If you haven't knew about this yet, your Facebook password has 3 variations which will still log you on to the site whichever variation you use: your original password, your original password with the first letter in CAPS LOCK, and your original password in all CAPS LOCK.

In an article update at ZDNet written by Emil Protalinski, He described how he was still able to log on to Facebook, one morning, with his keyboard caps lock button on. Upon his "accidental discovery" he then conducted a little research through a series of communication with Facebook which clarified the issue.

The three variations has its own reason why Facebook decided to allow them during sign in. The first password is the password you provided during sign up and you're expected to enter this information by default. However, since there are cases that you might also be logging in without noticing the caps lock keys on, Facebook realized to accept 2 additional variations for your convenience. The second password as shown above is for the case when you're logging in using a mobile phone wherein the first letter is always set to be capital when entering information. While the third password variation is for the case when you just forgot to off the caps lock button when logging in using your computer.

His second update in the article reads:

“Nothing is more important to us than the security of our users and their information,” a Facebook spokesperson said in a statement. “Our passwords are not case insensitive. We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password. We feel this does not significantly impact the security of the user’s password or their account. Additionally, we do not store our passwords in plain text we use several encryption technologies and techniques to maintain the security of our information.”

So don't be confused when you accidentally log in to Facebook with your password reversed.  the toggled password would still work on it.