Earlier this week, news that 6.5 million LinkedIn accounts may have been stolen from the company’s servers created quite the news storm. Looking past the Wall Street impact, if you have a LinkedIn account, what does this mean for you? Here is some information related to the theft, and your possible recourse:
Where did the hack originate?
A web forum in Russia carries posts from an individual claiming credit for the theft (often called a hack). There is no immediate way to confirm that this poster is actually responsible, but it is entirely possible that a single individual carried out the hack. No website is completely immune from a theft like this.
What was stolen?
The thief (or group of hackers) posted roughly 6.5 million hashed passwords to the Russian forum, and based on data released by security software firm Sophos, up to 60 percent of those passwords may have already been cracked. While it does not appear that user names have been posted, that doesn’t mean they weren’t stolen as well.
Has my LinkedIn account been hacked?
It’s likely that the password you used has been stolen, but that doesn’t mean it has been “cracked” and shared with the public via the Russian (or other) website(s). The passwords were hashed using SHA-1, so the posted values are digests rather than the passwords themselves; a password is only recovered when someone guesses it and the hash of the guess matches. Unfortunately SHA-1 is fast to compute and offers little protection against that kind of guessing, so it could be a matter of time before all 6.5 million passwords are cracked and converted into plain text. Therefore, assume you’ve been hacked.
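To make the hashing point concrete, here is an added Python example (not from the article, and not LinkedIn's code). It builds a constructed stand-in for the posted list from unsalted SHA-1 digests of made-up passwords, shows how you can check your own password against such a list locally, why a small common-password wordlist recovers most of it, and the salted, iterated storage a site should use instead. All passwords, salts and wordlist entries are constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-in for the posted list: unsalted SHA-1 hex digests of made-up
# passwords (none of these values come from the real LinkedIn dump).
LEAKED_PASSWORDS = ["linkedin2012", "Password1", "summer!!", "x9#Qp7Lw@", "welcome"]
LEAKED_HASHES = {hashlib.sha1(p.encode("utf-8")).hexdigest() for p in LEAKED_PASSWORDS}

# Constructed stand-in for a common-password wordlist.
WORDLIST = ["password", "Password1", "welcome", "linkedin", "linkedin2012", "summer!!"]


def sha1_hex(password):
    """Unsalted SHA-1: every user with the same password gets the identical digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def password_in_dump(password, dump):
    """'Was my password in the posted list?' answered locally: hash it and look the
    digest up in the dump, so the password itself never leaves your machine."""
    return sha1_hex(password) in dump


def fraction_recovered(dump, wordlist):
    """Why so much fell so fast: with no salt, hashing a guess once tests it against
    every account in the dump at the same time. Only passwords absent from any
    wordlist survive the first pass."""
    hits = {sha1_hex(w) for w in wordlist} & dump
    return len(hits) / len(dump)


def salted_hash(password, salt, iterations=100_000):
    """What a site should store instead: a per-user random salt plus an iterated
    (deliberately slow) derivation, so each guess must be recomputed per account."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify_salted(password, salt, stored):
    """Constant-time comparison of a login attempt against the stored salted hash."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


if __name__ == "__main__":
    print("Password1 in dump:", password_in_dump("Password1", LEAKED_HASHES))
    print("recovered by wordlist: %.0f%%" % (100 * fraction_recovered(LEAKED_HASHES, WORDLIST)))
    salt_a, salt_b = b"salt-for-user-a", b"salt-for-user-b"  # constructed; use os.urandom in practice
    print("same password, different salts, different stored values:",
          salted_hash("Password1", salt_a) != salted_hash("Password1", salt_b))
```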
What should I do?
Change your password. Don’t click on or respond to any email containing links that asks you to do so. It’s highly likely that other individuals will take advantage of this situation and attempt to gain other personal information by pretending to be LinkedIn. And don’t misunderstand: scams such as that can be highly sophisticated. LinkedIn has a blog post on how to change your password and about Internet security. LinkedIn will send you an email that does not contain links if they believe your password has been compromised.