Norwegian IT website Dagens IT first reported the breach, noting that the 6.5 million passwords were posted to a Russian hacker site.
LinkedIn has not yet confirmed the theft, instead Tweeting that it is investigating. However, at least one user has confirmed via Tweet that his password was among those in the data, meaning that, even without company confirmation, the data apparently comes from LinkedIn.
Security expert Per Thorsheim Tweeted that the hackers have posted the encrypted passwords in order to get help in decrypting them. User details have not been posted to the Russian site; however, it is believed that the hackers most likely have access to user data as well as the passwords.
It's the second reported FUBAR for LinkedIn in the last 24 hours. Earlier, on Tuesday, it was noted that LinkedIn's iOS app sends back calendar data to the mother ship. While you have to opt in to the app's calendar viewing feature, the fact that data is sent to LinkedIn - unencrypted, no less - was not divulged.
Nicely, LinkedIn responded quickly and modified the Android app to remove that functionality, making it live in Google Play immediately. An updated iOS app awaits App Store approval.
Update: LinkedIn has admitted that at least some of the passwords correspond to LinkedIn accounts.
While we have a LinkedIn account, we have been using a password storage and management system called LastPass for some time (there are plenty of others, including Roboform and KeePass). It allows us to generate strong passwords and keep track of them, even pushing them to our mobile devices as well (although that function requires payment; online-only access through the browser is free).
When we looked at our LinkedIn password, we discovered it was quite strong, and not one of the passwords we use for some commonly used accounts. We changed it, but lesson learned: never use the same password repeatedly, and make sure it is strong, as well.
That said, we will admit there are a couple of passwords we do use repeatedly for some commonly used accounts, ones that we have memorized. They are still strong, however.