LinkedIn has had a slew of security problems in the past few months, and yet another has just affected millions of users. A Russian forum user has claimed to have stolen and uploaded 6.5 million passwords from the site, and Twitter has reported that they found their own hashed LinkedIn passwords on the list posted in the Russian forum.
LinkedIn tweeted yesterday afternoon that they were on top of the situation and were looking for security breaches.
Many of the passwords posted in the forum are variations on the words “password” and “linkedin,” which seems to indicate that the entire list may not be accurate. LinkedIn uses one of the most secure algorithms currently known when it comes to password encryption. Still, short and simple passwords may be vulnerable, while more secure passwords will take longer to crack.
Graham Cluley, a security expert at Sophos, is advising all LinkedIn users to change their passwords immediately. Even if there was no breach and the list posted was fake, it’s better safe than sorry. If the report is true, it’s likely that a team of hackers is working tirelessly to crack the unsalted password hashes.
To change your LinkedIn password, log in and click on your name in the upper right-hand corner of the page. Click “Settings,” and click on the “Change” link next to the word “password”. Cluley recommends you choose a more secure and complicated password.
As of this morning, LinkedIn hasn’t found any security breaches, but they are still working hard to find out where the list came from.