On Wednesday morning a Russian hacker was able to steal close to 6.5 million LinkedIn user passwords. One saving grace is that users’ names and/or profile names were not included in the list, so the hacker was only able to acquire user passwords. However, users should still be concerned, because the passwords can be dumped into a hacker’s database and used with collected user names and email addresses to try to access other sites and social networks.
Why would this work?
Hackers know that most people use the same username and password for most of their website log-ins.
Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
There is good news! You can check if your LinkedIn password was stolen without logging into LinkedIn. The password management firm LastPass has released a secure tool to help verify if your password was among those stolen.
First, go to the LastPass tool page for LinkedIn users. Next, enter only the password into the box. Don’t worry: the service computes your password’s SHA-1 hash and sends the result to LastPass.com. It then searches the list of 6.5 million leaked password hashes. Your password is not stored by the system.
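A local version of the check described above, as an added example (not LastPass's code): it hashes the candidate password with SHA-1 and looks it up in a list of leaked hashes. The sample list is constructed, the function names are hypothetical, and the handling of entries whose first five hex digits are zeroed is an assumption based on how this dump was reported at the time.

```python
import getpass
import hashlib
import io

HEX = set("0123456789abcdef")

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password, as 40 lowercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_hashes(lines) -> set:
    """Read one hash per line, skipping anything that is not 40 hex characters."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            hashes.add(h)
    return hashes

def check_password(password: str, leaked: set) -> str:
    """Return 'leaked', 'leaked-masked' or 'not-found' for this password."""
    full = sha1_hex(password)
    if full in leaked:
        return "leaked"
    # Assumption: some dump entries have their first five hex digits
    # replaced by zeros, so compare the remaining 35 digits as well.
    if "00000" + full[5:] in leaked:
        return "leaked-masked"
    return "not-found"

# Constructed sample list standing in for the leaked hash file.
SAMPLE_DUMP = io.StringIO("\n".join([
    sha1_hex("linkedin123"),                # full hash present
    "00000" + sha1_hex("Summer2012!")[5:],  # masked entry
    "this line is not a hash",              # junk line, ignored
]))
LEAKED = load_hashes(SAMPLE_DUMP)

if __name__ == "__main__":
    # The password is read without echo and is only hashed locally;
    # neither the password nor its hash leaves this machine.
    print(check_password(getpass.getpass("Password to check: "), LEAKED))
```

To check against a real list, pass an open file of hashes to `load_hashes` in place of `SAMPLE_DUMP`.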
If your password has not been compromised, you will get a message like the one below.
Even if your password was not among those stolen, you should change your LinkedIn password anyway for good measure. Once you have changed your password, keep in mind that any app or program that posts to or pulls data from your LinkedIn account will no longer work, e.g. Hootsuite, Buffer, Empire Avenue, TweetDeck, and any mobile application that links to your account will need the new password.
If your password is confirmed as being stolen, things can be a bit more dire. Besides the changes listed above, you will also want to change the password for any account using that password, including your email account. As stated in the beginning of this post, hackers will try to match your password with any user names or email addresses acquired from other places or use sniffer bots. They will try to access as many websites as they can, including social networks, banking and credit card sites, and many others.
Now is the time to consider forming good online habits by using unique passwords and user names for each of your websites.
Anderson Curry is publisher of Digital Life CEO and Managing Partner at ECS Media Interactive, an Internet marketing agency. Anderson has more than 20 years' experience in the technology and marketing industries. He regularly writes and speaks on brand development, social media, technology, and the emergence of the new digital CEO.