The around 6.5 million passwords (encrypted as they may be) have made their way to a Russian hackers forum. Norway’s Dagens IT (Google Translated) says that no less than 300,000 of the passwords have already been decrypted. The passwords in the file are hashed using the SHA-1 algorithm and the file does not contain e-mail addresses, too. Still, Graham Cluley, from web data security company Sophos, says that it can be assumed that the attackers may have that data, too. He also called the practice of using the same password for multiple sites a “recipe for disaster”. Hackers tend to post encrypted files online in an attempt to get help decrypting them. LinkedIn has said in a Tweet that it’s investigating, but it can’t confirm a security breach at the moment. There are users replying to the tweet and saying that they have found their passwords in the list. The best thing to do right now is to change your LinkedIn password — quickly. Also, if you’re using the same password for other sites, change those passwords too.
Change Your LinkedIn Password
Log in to your LinkedIn account, then, on the top left, hover the cursor over your name, then click Settings.
In the screen that comes up, click Account, then Change password.
Now enter your current password, the new password, and then confirm the new password. Then click Change Password and you’re all set.
It’s not too difficult, but it could save you quite a bit of trouble. A best practice is to create a strong yet easy to remember password. Comment
Δ