
All they needed was someone with the intelligence necessary to type:

gem 'devise'

into a textfile.




LinkedIn is written almost entirely in Java, so Devise would not have worked out that well. Using something like jBCrypt would have been almost as easy, though -- if they'd thought of it from the beginning.

The failure here is just that whoever wrote the auth code didn't know that it was a problem, or thought (incorrectly) that using something like bcrypt would be significantly more effort.
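To show how little code the "almost as easy" claim above amounts to, here is an added example (not from the thread, not jBCrypt or Devise code) of the shape a bcrypt-style password store takes: a random per-user salt, a tunable work factor, a self-describing stored record, and a constant-time verify. bcrypt itself is not in Ruby's standard library, so this uses PBKDF2-HMAC-SHA256 from Ruby's OpenSSL binding as a stand-in; the record format, the `ITERATIONS` value and the function names are assumptions for this example. A fast unsalted digest is included only for contrast.

```ruby
require 'openssl'
require 'securerandom'

# Assumed record layout for this example:
#   pbkdf2-sha256$<iterations>$<salt hex>$<digest hex>
# Storing the iteration count with the hash lets the work factor be raised later
# without invalidating existing records.
ITERATIONS = 200_000  # assumed default; tune so one hash costs tens of ms on your hardware
KEY_LENGTH = 32

def hash_password(password, iterations: ITERATIONS)
  salt = SecureRandom.random_bytes(16)  # fresh random salt per user
  digest = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                    length: KEY_LENGTH, hash: 'sha256')
  "pbkdf2-sha256$#{iterations}$#{salt.unpack1('H*')}$#{digest.unpack1('H*')}"
end

# Compare two byte strings without short-circuiting on the first mismatch.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_password(password, stored)
  scheme, iterations, salt_hex, digest_hex = stored.split('$', 4)
  return false unless scheme == 'pbkdf2-sha256' && salt_hex && digest_hex
  salt = [salt_hex].pack('H*')
  expected = [digest_hex].pack('H*')
  actual = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations.to_i,
                                    length: expected.bytesize, hash: 'sha256')
  constant_time_equal?(actual, expected)
end

# For contrast only: one fast digest per guess, no salt, so equal passwords
# produce equal hashes and precomputed tables apply.
def weak_hash(password)
  OpenSSL::Digest::SHA1.hexdigest(password)
end

if __FILE__ == $PROGRAM_NAME
  record = hash_password('correct horse battery staple')
  puts record
  puts verify_password('correct horse battery staple', record)  # true
  puts verify_password('wrong guess', record)                   # false
end
```

Two records for the same password differ because of the salt, while `weak_hash` returns the same value every time; the verify path reads the iteration count from the record itself, which is what makes raising the work factor later a one-line change.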


I'm not sure Rails would be the go-to platform if security is a primary concern...


Sure thing:

Security announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.4 released

http://blog.plataformatec.com.br/2013/01/security-announceme...


Upgrade immediately unless you are using PostgreSQL or SQLite3.

So using a real database mitigated the entire issue. Secondly, this security issue doesn't allow you to retrieve every user's password in 8 hours.



