The LinkedIn breach was not the result of an advanced attack.

It was the result of a design decision made years earlier.

MD5. No salt. Fast algorithm.

When the database leaked, the work was already done.

Real password security requires four things working together at the same time.

The right algorithm. Salting. A strong password. A high cost factor.

Any one of these in isolation is not enough.

LinkedIn had none of them.