As you are undoubtedly aware, LinkedIn confirmed on Wednesday the news that 6.5 million of its user passwords had been hacked. The whole mess started when an unknown user uploaded a file to a Russian hacking web forum containing millions of encrypted LinkedIn user passwords, along with a message that they were still trying to decrypt them. They even invited the whole hacking community to help decrypt those passwords.
In case you are not familiar with LinkedIn, it is a social network for professionals that holds a lot of information about almost 160 million users, including some very confidential and personal information related to job searches. Many companies and recruiting services also have LinkedIn accounts, where job seekers post their resumes and other professional information to be evaluated.
The official LinkedIn stance is that a very small percentage of passwords have been stolen. The official statement says that out of 160 million user passwords, only 6,458,020 have been hacked. The company, however, raised the concern that many users use the same password on multiple websites, which can make things easier for hackers in their ongoing decryption effort. LinkedIn has therefore advised users to avoid using the same password on multiple sites. They also advised users to change their passwords each month for some time.
LinkedIn also suggested choosing stronger passwords (containing letters, numbers and special characters). Passwords that match dictionary words should be avoided. According to expert opinion, when making a password you should think of a meaningful phrase or a song, then create your password from the first letter of each word in that song or phrase. This way your password will be unique and much stronger.
LinkedIn’s blog post explained the whole story and said that all compromised passwords have been deactivated, and members having affected accounts will observe that their accounts are no longer accessible via their old passwords.
Affected users will receive an email containing a procedure to change the password, and this email will contain no link. Once you have requested password assistance, you will receive an email containing a password reset link. After that, the user will receive another email containing a bit more context and instructions from the customer support team.
Those Who Survived For Now
Experts from the security department have advised that the remaining unaffected users should immediately change their passwords too, given the powerful tools available to hackers nowadays, which they can use to launch massive brute force attacks.
Procedure to Change the Password
Here is the procedure to change your LinkedIn password:
- Go to www.linkedin.com and log in with your old username and password.
- After logging in to your account, click the settings button at the top right.
- You might be asked to log in again while choosing your settings.
- When your settings are open, click the account button at the bottom of the page.
- Now, in the ‘Email and Password’ link, you will find a link to change your password.
- Use it to change your old password.
If you are using the same password on other networks as you previously used for your LinkedIn account, change your password on those sites too.
What Was the Most Popular Password?
According to a study conducted by Rapid7 (a security firm), here are the top 30 most popular passwords among the hacked LinkedIn passwords:
Infographic Courtesy: Mashable