The Intivix Blog

LinkedIn passwords hacked, please change your password!

Many reports have come out today that over 6.5 million LinkedIn accounts have been compromised. If you happen to have a LinkedIn account, it would be a good idea to change your password as soon as possible to avoid the possibility of identity theft.

If you use the same password on other services, we suggest changing it on those as well. LinkedIn’s settings can be a bit confusing, so here’s what to do:

Go to

Click on your name in the top right corner and select Settings.

Click Change next to Password.

Enter your current password and create a new one.

6.5 million LinkedIn passwords reportedly stolen, posted online

If you haven’t changed your LinkedIn password in the past few months, now would be a very good time to do so.

Details are murky, but Norwegian computer site reports that 6.5 million LinkedIn passwords were recently posted to a Russian hacker site. Quoting Norwegian consultant Per Thorsheim, the site says, “Those who posted [the passwords] wanted help to crack the codes. … Unfortunately, they are in a format that makes it relatively easy to break them.”

Thorsheim has been actively tweeting his discoveries, as has F-Secure’s ace sleuth Mikko Hyppönen. LinkedIn confirms via Twitter that it is looking into the reports.

It’s important to realize that the reports state only the hashed passwords were posted. Email addresses (LinkedIn uses email addresses as log-on IDs) and other information were not posted.

The passwords were hashed with an unsalted SHA-1 algorithm. That means it’s easy to verify whether a particular password is on the list: put your password through the SHA-1 algorithm and check whether the resulting hash is one of the 6.5 million. But there’s no known way to go from a hashed password back to the original; SHA-1 is a one-way function, not reversible encryption.

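The implication, though, is that a big dictionary coupled with some inspired guessing can turn up many of the passwords: with no salt, each guess only has to be hashed once and can then be compared against the entire list.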
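The check described above, next to a salted alternative, as an added example that is not from the original article or from LinkedIn. The function names, the sample passwords and the PBKDF2 parameters are assumptions chosen for illustration, and the "leaked" set is constructed, not real data.

```python
import hashlib
import hmac
import os


def sha1_hex(password):
    """Unsalted SHA-1 hex digest, the format the reports describe."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def is_on_list(password, leaked_hashes):
    """True if the unsalted SHA-1 of `password` appears in the leaked set."""
    return sha1_hex(password) in leaked_hashes


def store_salted(password, iterations=600_000):
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest, iterations


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest, iterations = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


# Constructed sample standing in for the posted list (not real leaked data).
SAMPLE_LEAK = {sha1_hex(p) for p in ("password", "linkedin2012", "Summer!2011")}

if __name__ == "__main__":
    for pw in ("linkedin2012", "a-long-unique-passphrase"):
        print(pw, "on list:", is_on_list(pw, SAMPLE_LEAK))
    # Unsalted: two users with the same password get the same digest.
    print(sha1_hex("linkedin2012") == sha1_hex("linkedin2012"))
    # Salted: the same password yields unrelated records, yet both verify correctly.
    a, b = store_salted("linkedin2012"), store_salted("linkedin2012")
    print(a[1] != b[1], verify_salted("linkedin2012", a), verify_salted("wrong", b))
```

Run the membership check only on a machine you control and against a local copy of a list; typing a password into a third-party lookup page hands it to that site.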

While the ancillary details — particularly email addresses — aren’t posted, there’s no way to tell at this point if the password purloiners also have that information. That’s likely to be the reason why they were seeking information on cracking the passwords.

Peter Kruse confirms on Twitter that he changed his LinkedIn password “7 or 8 months ago,” and the hashed password on the list matched his old password. That’s an indication — but not proof-positive — that the leaked list is many months old.

Now would be a very good time to change your LinkedIn password.

And if you reused that password on any other accounts — especially financial accounts or email accounts — you had better get those changed, too.