> "hashed passwords"

Take a wild guess at what they are storing this time around.

> They lost hashed passwords which are not user credentials.

These passwords were unsalted sha1, that's about as good as rot13. Linkedin has clearly proved completely unable to do things correctly, if that applies to passwords it applies to everything else.

You do realize that cracking unsalted SHA1 passwords isn't that hard, right? Perhaps you should educate yourself on the wonderful world of GPU password cracking and the enormous speeds a handful of consumer-grade video cards working in concert can utterly smash through a database like this.

edit: Here's a blog post about being able to brute force 33.1 billion MD5 hashes a second using GPU's: http://blog.zorinaq.com/?e=43

> No, they don't, and you keep posting that they do despite being proven wrong several times in the past.

You must have me confused with someone else.

> They lost hashed passwords which are not user credentials.

While you may be technically correct about credentials vs. hashed passwords, that distinction isn't relevant here. Losing hashed but unsalted passwords is still just as harmful.

Otherwise, articles like this one would not exist: http://mashable.com/2012/06/08/linkedin-stolen-passwords-lis...