–Updated at 2pm pacific–
Earlier today, Norwegian computer site, DagensIT.no, reported that 6.5 million LinkedIn passwords were recently posted to a Russian hacker site. LinkedIn is continuing to investigate the incident, but has confirmed that “some of the passwords that were comprimised correspond to LinkedIn accounts.”
According to DagensIT.no, only the hashed passwords were posted. Email addresses (LinkedIn uses email addresses as log-on IDs) and other information were not posted.
Jim Walter, manager of the McAfee Threat Intelligence Service (MTIS) for McAfee Labs, said, “Today’s news of a possible LinkedIn hack is a good reminder to all internet users on the importance of maintaining an ever-changing and complex password. A secure passphrase may be the only thing standing between your personal data, and those that wish to steal it. Password maintenance is simply an unavoidable best practice in today’s digital world.“
Websites, such as LinkedIn, do have encryption measures in place to protect user’s passwords and sensitive records. However, this is a good time to change your password as a precaution. You should also update and monitor other password-protected accounts.
Tips for LinkedIn Users:
- Log into the LinkedIn website via a new browser window (do not access it through an email) and change your password using a unique, complex pass-phrase immediately. It’s a good idea to make it a monthly habit of updating your password.
- It’s a good time to change the passwords to all other accounts that require authentication, such as social networks, email and financial accounts, especially if you use the same password.
- Review your list of LinkedIn connections in your network to ensure there are none that do not look familiar.
- Beware of any phishing emails that claim to be from LinkedIn.
- Check that your privacy settings are set appropriately.
- Make sure your computer us up-to-date with all its critical security patches and your browser is secured.