Rumor has it that 6.5 million LinkedIn passwords have been leaked to a Russian hacker forum. (CONFIRMED)
On June 6, 2012 at 8:06am CST, LinkedIn posted a tweet that they are investigating these reports.
[tweet https://twitter.com/LinkedIn/status/210356987576324096]
Be sure to follow https://twitter.com/#!/LinkedIn for updates. You can view updates on the above tweet at https://twitter.com/LinkedIn/status/210356987576324096.
For security reasons, it is strongly advised that you change your LinkedIn password ASAP.
How to Change Your Password at LinkedIn:
- Go to http://linkedin.com
- Log in to your account
- Click on your name in the top right corner to access the dropdown
- From the dropdown, click on “Settings”
- On the left side of the page under your primary email, click “Change” next to Password
- Follow the onscreen instructions and change to a strong, unique, hard-to-guess password.
A big shout out goes out to Tony Perez of Sucuri for making us aware via Facebook and on his post “Public Service Announcement: LinkedIn Users Change Your Passwords.”
#1 UPDATE FROM LINKEDIN TWITTER 6/6/2012 AT 10:18AM CST
[tweet https://twitter.com/LinkedIn/status/210390233076875264]
#2 UPDATE FROM LINKEDIN VIA TWITTER 6/6/2012 AT 1:12PM CST
[tweet https://twitter.com/LinkedIn/status/210434034625548291]
New article: Updating Your Password on LinkedIn and Other Account Security Best Practices
#3 UPDATE FROM LINKEDIN TWITTER 6/6/2012 AT 2:39PM CST
[tweet https://twitter.com/LinkedIn/status/210456002884145152]
Confirmed Accounts Compromised – New article: An Update on LinkedIn Member Passwords Compromised
#4 UPDATE FROM 6/7/2012 at 12:23PM CST
Phishing emails are being reported that appear to be from LinkedIn with a Sign In button. Do not click any links in any email that appears to come from LinkedIn. LinkedIn has clearly stated there will be no links in their emails.
These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
~ Source LinkedIn
To update your account, log in at http://linkedin.com
Note: If you are unfamiliar with phishing emails, they are fake emails made to look like they come from a company and/or person you know. The From address and the text may look normal, but the links are spoofed to go somewhere else. To see where a hyperlink really leads, put your mouse over the link and look at your browser's status bar, or look at the source code. Be careful when clicking links; they could open a dangerous website that could infect your computer and/or steal your data.
For more information, see Sucuri's post: Public Service Announcement: LinkedIn Spear Phishing Attempts
Leave Your Feedback
If you have any questions or find out any new information about the LinkedIn passwords being stolen, please leave a comment below. Let's all help each other stay safe.
Please do your part and share this post with others to help spread awareness.
Regina Smola says
I have made 3 updates since this post was published today. Please see the Updates section above for further developments.
Including Update #3 – LinkedIn has confirmed that accounts were compromised, so please take this seriously.
David Perdew says
If you changed your password Regina, is that enough?
Regina Smola says
Great question David.
According to LinkedIn:
The above is great advice. My concern is for those that are using the same password for multiple log-in locations. It is a good idea to change any other website’s password that was the same as your LinkedIn account and use something unique for every place you log-in.
There were some other great tips from LinkedIn including:
At this time, that is all I know that we can do right now.
MaryJo Wagner says
Thanks for the heads up, Regina. I changed my LinkedIn password before the official announcement, but after you notified us on Skype. Do I now need to change it again?
Regina Smola says
You’re welcome MaryJo. I changed my LinkedIn password this morning, but as a safety measure I think I’ll change it again this evening and again over the next couple of days just to make sure they have it all sorted out.
David Perdew says
As always, very thorough answer. One of the things I love about Roboform (assuming Lastpass too) is the generate password so I don’t ever use the same password twice and I save it immediately and never have to remember…
Regina Smola says
Absolutely! Both Roboform and LastPass are great tools for password management. There is no way I could ever remember my crazy passwords (18+ characters). Thank goodness for my master password.
Regina Smola says
Warning: Watch for phishing emails from LinkedIn. Don’t click links! See Update #4 above for more information.
I just read the post at http://blog.sucuri.net/2012/06/linkedin-password-dump-verified.html. It’s astonishing to see the weak passwords that were being used for LinkedIn user accounts. But I'm not surprised. Still lots of work to do to educate people.
Carla McNeil, Social Media Manager says
Thanks Regina, great info as usual. Yes I have changed my LinkedIn password too. I am making a short video on how to do that very thing and linking my post back to this one because of all your great security information! Thanks again, I’m sure glad I’m on your mailing list. 🙂
Regina Smola says
Hi Carla,
Thanks for the kudos. I appreciate that. Looking forward to seeing your video 🙂
alicia says
Thanks, I changed the password. You're keeping us updated as always, this information is worth thousands.
alicia says
Thanks, I changed the password. You keep us up to date as always, this information is worth thousands.