Robert David Graham has confirmed the 6 million user dump as he had found his password for LinkedIn that he uses no where else. Luckily the passwords where not plain text, all though it is not hard for attackers to crack the hashes as the passwords are encrypted with SHA-1.
An excerpt from the password hash dump:
000000a9da36caf22886a0203caa29e7d2631174
000000a9d9ccfdca4d241e44d415c15dba0b4c28
000000a9298b1bfc8d1237d6f3995b2d2625ce3a
000000a92ee7725afdcac707d22e2333531f9e51
000000a92dbec5cff02bfa678a0f7a78b6a46573
323300a988286c019e2dcc3100b355557257f632
923b00a9574dd89143cde9db87871890a1082bc2
3c4400a900d31c9634e355e18975f8cfe710ab7d
354b00a96d36f0c48d0c286b29120f8409e3bde1
405700a93eac557d85d2f1347db8f9a312557fc8The original file that included the 6 million passwords was located here: https://disk.yandex.net/disk/public/?hash=pCAcIfV7wxXCL/YPhObEEH5u5PKPlp%2BmuGtgOEptAS4%3D but as since been removed by the website.
LinkedIn says,
Now we wait to see how long it takes the LinkedIn security team to find how and when they where breached.
