Although not yet confirmed by the business-networking website, it is being widely speculated that over six million passwords belonging to LinkedIn users have been compromised.
A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them.
Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals.
Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords.
As such, it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step. Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack.
If you were using the same passwords on other websites – make sure to change them too. And never again use the same password on multiple websites.
How to change your LinkedIn password
1. Log into LinkedIn.
2. You should see your name in the top right hand corner of the webpage. Click on it, and you will open a drop-down menu. Choose “Settings”.
3. Choose the option to change your password.
4. After entering your old password, you will have to enter your new (hopefully unique and hard-to-crack password) twice.
Don’t delay. Do it now. And if there are any more updates from LinkedIn we will let you know.
Update: LinkedIn has now confirmed that users’ passwords have been exposed.
(By the way, if you use LinkedIn and want to keep up-to-date and discuss the latest security news – make sure to join the Naked Security LinkedIn group).