on lastpass I inserted some random words to test if people used them as passwords.
They did! Lol!
Well I had changed my password on linkedln yesterday just in case, before this got mainstream, I didn’t used that website anyway but I made myself an account some time ago. The password was not the same with passwords on other websites that I have accounts. I checked if it was in those 6.5 million accounts stolen.
Surprise, it wasn’t.
This suggest a possible explanation. Probably those password were not stolen from the servers but by some sort of “man in the middle” technique.
Because I didn’t log in on LinkedIn for the past couple of months so maybe they didn’t stolen my pass because of this. This is just speculation from my part but the fact that LinkedIn DOESN ’T appear to use https when you log in, make this speculation plausible.
Nope, my password is so long, about 35 character and number combination, in all my account
What if I had an account but deleted it a while back ? Do they still keep data in their database ?