Many reports have come out today that over 6.5 million LinkedIn accounts have been compromised. If you happen to have a LinkedIn account, it would be a good idea to change your password as soon as possible to avoid the possibility of identity theft.

http://www.thestar.com/business/article/1206692--linkedin-users-read-this-then-change-your-password

If you use the same password on other services, we suggest changing it on those as well. LinkedIn’s settings can be a bit confusing, so here’s what to do:

Go to linkedin.com.

Click on your name in the top right corner and select Settings.

Click Change next to Password.

Enter your current password and create a new one.

http://www.infoworld.com/t/hacking/65-million-linkedin-passwords-reportedly-stolen-posted-online-194976?source=IFWNLE_nlt_daily_2012-06-06

6.5 million LinkedIn passwords reportedly stolen, posted online

If you haven’t changed your LinkedIn password in the past few months, now would be a very good time to do so

Details are murky, but Norwegian computer site DagensIT.no reports that 6.5 million LinkedIn passwords were recently posted to a Russian hacker site. Quoting Norwegian consultant Per Thorsheim, the site says, “Those who posted [the passwords] wanted help to crack the codes. … Unfortunately, they are in a format that makes it relatively easy to break them.”

Thorsheim has been actively tweeting his discoveries, as has F-Secure’s ace sleuth Mikko Hypponen. LinkedIn confirms via Twitter that it is looking into the reports.

It’s important to realize that the reports state only the hashed passwords were posted. Email addresses (LinkedIn uses email addresses as log-on IDs) and other information were not posted.

The passwords were encrypted using an unsalted SHA-1 hashing algorithm. That means it’s easy to verify if a particular password is on the list; just put your password through the SHA-1 algorithm, and check what comes out to see if the hashed password is one of the 6.5 million. But there’s no known way to go from hashed password to the original — it’s a one-way encryption.

The implication, though, is that a big dictionary coupled with some inspired guessing can turn up many of the passwords.

While the ancillary details — particularly email addresses — aren’t posted, there’s no way to tell at this point if the password purloiners also have that information. That’s likely to be the reason why they were seeking information on cracking the passwords.

Peter Kruse confirms on Twitter that he changed his LinkedIn password “7 or 8 months ago,” and the hashed password on the list matched his old password. That’s an indication — but not proof-positive — that the leaked list is many months old.

Now would be a very good time to change your LinkedIn password.

And if you reused that password on any other accounts — especially financial accounts or email accounts — you better get those changed, too.
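The check the quoted article describes (run a password through SHA-1 and look for the result in the list), shown as an added example that is not part of the original post or the InfoWorld article. The sample accounts, passwords and the PBKDF2 parameters are constructed for illustration; it also shows why unsalted hashes are weak (identical passwords produce identical stored values) next to a salted alternative.

```python
import hashlib
import hmac
import os

def sha1_hex(password):
    """Unsalted SHA-1 hex digest, the storage format the article describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def in_leak(password, leaked_hashes):
    """True if the password's unsalted SHA-1 appears in the leaked list."""
    return sha1_hex(password) in leaked_hashes

def shared_hashes(user_passwords):
    """Group accounts by stored unsalted hash: equal passwords collide."""
    groups = {}
    for user, pw in user_passwords.items():
        groups.setdefault(sha1_hex(pw), []).append(user)
    return {h: sorted(u) for h, u in groups.items() if len(u) > 1}

def store_salted(password, iterations=200_000):
    """Hardened storage (assumed parameters): random per-user salt + PBKDF2."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_salted(password, salt, digest, iterations=200_000):
    """Recompute the salted digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

# Constructed sample data, not values from the real leak.
SAMPLE_USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "t7#Qz!mW9v"}
LEAKED = {sha1_hex(pw) for pw in SAMPLE_USERS.values()}

if __name__ == "__main__":
    print("old password in list:", in_leak("linkedin2012", LEAKED))
    print("new password in list:", in_leak("a-new-unique-passphrase", LEAKED))
    print("accounts sharing one unsalted hash:", shared_hashes(SAMPLE_USERS))
    a, b = store_salted("linkedin2012"), store_salted("linkedin2012")
    print("salted records differ:", a != b, "| verifies:", verify_salted("linkedin2012", *a))
```

With unsalted SHA-1, one computed hash tests a guess against every account at once; with a per-user salt, the same password yields a different stored record for each account.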


