6.5 million LinkedIn passwords stolen

If you can’t get into your LinkedIn account today it’s because your password is in the hands of Russian hackers. A file containing some 6.5 million LinkedIn passwords was placed on a Russian website similar to a Dropbox account.

LinkedIn have posted on their blog that they’ll be emailing all affected users with instructions on how to reset their passwords. There will be no links to LinkedIn in this email.

LinkedIn have been criticised because their password security wasn’t up to scratch; they’ve already enhanced their security with hashing and salting of their password databases. The compromised passwords were hashed but not salted; hashing with a salt is a much stronger form of protection.

If your LinkedIn password was compromised and you’ve used the same password on other sites then you need to change them all. Don’t forget it’s easy to follow a user from LinkedIn to your website, your blog, Twitter, Facebook and any other linked accounts. We’d recommend that you don’t use the same password again.

How to generate a strong password

Many sites (including LinkedIn) suggest that you not only use a long complex password but that you also change it every few months. Realistically that’s not going to happen for most people, but at the very least we’d recommend you generate one very long complex password that you won’t forget but that you never write down. One of the biggest security breaches comes when you have a notebook full of passwords lying around to be copied or stolen (admittedly more of a problem in an office than at home).

A good way to generate a secure password is to take a memorable song or poem, take the first letter of each word, and then exchange some letters for numbers and symbols with a mix of lower and upper case. For instance, from the nursery rhyme “Jack and Jill went up the hill to fetch a pail of water” an easy password to remember would be “J&Jwuth2f@pow”.

2 Responses

  1. We all knew this would happen sometime. If it isn’t LinkedIn it’ll be some other.
    About the advice on password protection I don’t quite agree that it is a solution, though it’s one of the best I’ve seen. The problem is that we cannot generate dozens of strong passwords – our memory just isn’t tailored for that. We can generate a couple good or a lot of simple ones. If IT guys force us, either we repeat them or we note them down. And the mathematical strength goes down again.
    Good luck you guys from LinkedIn, Google, Facebook, … And remember we are human!
