What to do if your LinkedIn password is hacked

LinkedIn has confirmed a breach of millions of passwords. Now's the time to think about the security of all your online accounts.


News of millions of LinkedIn passwords leaked through a user on a Russian forum is scary enough. It's important not to let the situation get worse. Be proactive about protecting your other accounts, particularly if they have the same password.

If that's the case, it's time to change it, Jeremiah Grossman of WhiteHat Security said in an email to CNET.

He offered a few tips via a blog post on how not to get hacked on the web.

"You wouldn't have the same key for your home, car, office, safe, etc," Grossman wrote. "For the same reason you shouldn't use the same password for all your online accounts."

He recommends picking passwords that are hard to guess, not found in the dictionary, six characters or more in length, and made up of a mix of numbers and letters. Two examples are y77Vj6t and JX0r21b.

Since multiple passwords can be hard to remember, you can write them down on a piece of paper that fits in your wallet, or on index cards that can be locked in your desk. Or you can use a password manager, which is software that stores your passwords and encrypts the data, Grossman suggested.

Chris Wysopal, of Veracode, said it's also good to keep a password manager, like the Password Wallet app, on your phone, so you can access your passwords easily if you are away from your computer. Additionally, he said that it's important to change passwords if they follow similar patterns. For instance, he said that one of the hacked passwords he saw was "scottlinkedin", which could potentially be a security risk for Scott's other accounts.

"Someone might go to Facebook and try 'scottfacebook'," he said. "It's good to have unique passwords for each one, but the pattern is so obvious, it's good to change the other passwords."

Prior to confirming the breach, LinkedIn offered similar advice on its blog, adding that passwords should be changed frequently — at least once a quarter or every few months.



Chandler posted a comment   

Funnily enough this is the first place I've heard of a LinkedIn breach - I have had absolutely no contact from LinkedIn in regards to the possibility that my password has been hacked.

I even just got my "LinkedIn Network Update"... and not even a side note in there about the hack.

Companies really need to work on their notification of security breaches - the track record I've seen for myself so far sees online gaming sites ahead of social networks (which are repositories of good amounts of personal information...)


Chandler posted a reply   

Wow - just logged in to LinkedIn expecting sirens and alarms and there's... nothing...

There only just happens to be a story on the breach in my "LinkedIn Today" (top headlines from other sites - the 3 present being mashable.com, usatoday.com and inc.com): these stories could have been anything, it's just a good coincidence that 2 of the 3 top stories being displayed relate to the breach.

Disappointed, LinkedIn. Very disappointed...
