Jun 6, 2012

Use LinkedIn? Time to Change Your Password


UPDATE: Want to know if your LinkedIn account password was one of 6.5 million that were leaked? You can now test your password on our tool: https://lastpass.com/linkedin to find out! Either way, we still recommend updating your account password.

Reports are now circulating that LinkedIn user accounts may have been compromised, after nearly 6.5 million hashed passwords were reportedly uploaded to a Russian hacker forum.

The popular business networking site has responded that they are looking into these reports, but we highly recommend updating the password for your LinkedIn account.

You can use LastPass to log in to your LinkedIn account, go to your account settings page, and update the password to a new, randomly generated one using the LastPass password generator, located in the Tools menu in the LastPass icon. LastPass helps automate the process by filling in your old password and confirming the update to your stored LinkedIn account when you've saved the new password.

With more than 150 million users worldwide, the breach seems to have affected about 10% of the user base. Although usernames do not appear to have been posted alongside the hashed passwords, Finnish security firm CERT-FI warned that hackers may have access to user email addresses in an encrypted form.

The LinkedIn passwords are said to be stored as SHA-1 hashes, a very secure algorithm, but the fact that they did not "salt" the hashes puts user data at significantly higher risk of being compromised. Reports indicate that weaker passwords - some 300,000 of them - may have already been cracked, and the hackers seemed to be reaching out to others in an attempt to crack more [the forum thread referenced appears to be inaccessible at the time of writing this post]. A number of LinkedIn users have already confirmed that their passwords were stolen in the breach.
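To illustrate why the missing salt matters, here is an added example (not code from LinkedIn or LastPass): an unsalted SHA-1 value depends only on the password, so every account using the same password stores the same value, while a per-user random salt makes each stored value unique. The sample accounts are constructed, and the choice of PBKDF2-HMAC-SHA256 with this iteration count as the hardened scheme is an assumption of the example.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data); two users share a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "X9!vq#T2mLp@"}

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def store_unsalted(password: str) -> str:
    """Storage scheme the post describes: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_salted(password: str) -> tuple[bytes, bytes]:
    """Hardened alternative: random per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)


def shared_digests(records: dict) -> int:
    """Count users whose stored value is identical to another user's."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)


unsalted_db = {user: store_unsalted(pw) for user, pw in ACCOUNTS.items()}
salted_db = {user: store_salted(pw) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    print("unsalted, users sharing a stored value:", shared_digests(unsalted_db))
    print("salted, users sharing a stored value:  ", shared_digests(salted_db))
    print("alice verifies:", verify_salted("linkedin2012", *salted_db["alice"]))
```

In the unsalted table, a single match on one stored value exposes every account that chose that password; in the salted table each account has to be worked on separately, at the cost of the full iteration count per guess.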

If user passwords consist of dictionary words or are on the list of 'bad' passwords, then they have likely already been cracked. We still highly recommend updating your account password even if yours is much stronger. If you're new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.

Graphic courtesy of Lifehacker.com