This was just posted: Linkedin password statistics – Pastebin.com. Stefan Venken used easy to access tools (“HashCat / Jtr and publicly found wordlists on a customer grade laptop”) and turned it on the 6.5 million linked in passwords and it turns out “1.354.946 were recovered within a few hours time”.  No special software, and no massive hardware. (Of course he knows what he is doing, but so would anyone determined to access them).

It would be ideal if every site had strong security methods to protect passwords: you need to assume the opposite and take steps to make your password strong, as well as making sure you have different passwords for different sites (especially for sites that are strongly associated with money or your identity).

For more on hashcat, go here: oclHashcat-plus – advanced password recovery