Earlier today rumors started sweeping across the Internet that LinkedIn account passwords had been leaked online. A few hours later, LinkedIn confirmed that the rumors were true; millions of account passwords had been compromised and posted online.
Almost as fast as the story spread, a link to LeakedIn.org was being passed around as a way to check whether your password was leaked in the security breach. To figure out if you're affected, LeakedIn requires you to enter your account password. Your password is then converted to its SHA-1 hash and compared to the list of leaked passwords.
A red light means your password appears on the list, a green light means you are in the clear. At least, in theory.
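The hash-and-compare step described above needs no Web site at all; the sketch below, an added example that is not LeakedIn's code or part of the original article, runs it entirely offline. It assumes a locally saved hash list with one hex digest per line and, as an assumption not stated in the article, that some entries have their first five hex digits zeroed; the function names and sample data are constructed for illustration.

```python
import hashlib
import sys

# Assumption (not stated in the article): some entries in the dump have their
# first five hex digits replaced with zeros, so a masked form is checked too.
MASK = "00000"
HEX = set("0123456789abcdef")

def sha1_hex(password):
    """Unsalted SHA-1 of the UTF-8 password, as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_hashes(lines):
    """Collect well-formed 40-digit hex digests; ignore blank or junk lines."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            hashes.add(h)
    return hashes

def check_password(password, leaked):
    """Return 'listed', 'listed-masked' or 'not-listed' for one password."""
    digest = sha1_hex(password)
    if digest in leaked:
        return "listed"
    if MASK + digest[5:] in leaked:
        return "listed-masked"
    return "not-listed"

# Constructed sample dump (not real leaked data): one full digest, one masked
# digest, and one junk line that the loader must skip.
SAMPLE_DUMP = [
    sha1_hex("constructed-password-1") + "\n",
    MASK + sha1_hex("constructed-password-2")[5:] + "\n",
    "not a hash\n",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        import getpass
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            leaked = load_hashes(fh)
        print(check_password(getpass.getpass("Password to check: "), leaked))
    else:
        leaked = load_hashes(SAMPLE_DUMP)
        for pw in ("constructed-password-1", "constructed-password-2", "other"):
            print(pw, "->", check_password(pw, leaked))
```

Run with a file path as the only argument, the password is read without echo and never leaves the machine; a "not-listed" result only means the hash is absent from that particular file.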
Before you jump at the chance to check your password, ask yourself if it's really a good idea to enter your password on some random Web site. The answer should be an unequivocal no. You have no idea what is really being done with the information you enter.
Instead, do yourself a favor: don't check to see if your password was leaked. Don't pass go. Don't collect $200. Go directly to your account settings and change your password, just to be safe. If you use that same password on more than just your LinkedIn account, go and change those account passwords as well.
LinkedIn has stated that the passwords for accounts associated with the leak have been invalidated. A series of e-mails will be sent to the affected members with further explanation of what steps need to be taken.
I'm sure LeakedIn was built with every honest intention of helping fellow LinkedIn users. However good-willed its foundation may be, stay clear. It's good practice and good ol' technology common sense.
Updated June 6, 2012 to include information about how LeakedIn handles your password.