The business-focused social networking website LinkedIn has this week confirmed that “some” user passwords have been hacked, stolen and compromised by what appears to be a Russian web forum.
After initial reports suggesting that as many as 6.5 million properly encrypted passwords had been stolen, the company’s Vicente Silveira has detailed the steps taken by his company to rectify the issue.
All members whose passwords have been compromised will now find that their LinkedIn account password is no longer valid. All these members will have received an email CONTAINING NO LIVE LINKS, but with instructions on how to “request password assistance” to then receive a subsequent email from LinkedIn with a password reset link.
LinkedIn’s Silveira also reminds users that members whose passwords have not been compromised will still now benefit from additional security measures the company has put in place, which involve the “hashing and salting” of its current password databases.
In his role as director at the San Francisco-based social network, Silveira has also issued his own guidance on how to update your LinkedIn password and follow industry-standard security best practice.
For those users who now want to visit the site and perform a basic password change, the BBC News website has provided the following instructions:
- Visit www.linkedin.com, and log in with your details
- Once logged in, hover over your name in the top right-hand corner of the screen, and select ‘Settings’ from the menu
- You may be asked to log in again at this point
- On the next screen, click the ‘Account’ button which is near the bottom of the page
- Under the ‘Email & Password’ heading, you will find a link to change your password
If you happen to use the same password that you use on LinkedIn for other sites, it makes very good sense to change those too.
Email-based scams resulting from this high-profile hack are reported to already include links to counterfeit drugs websites and dating website eHarmony. Users are reminded to be wary of all “warning” emails that differ from the format described above.
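The "no live links" rule above can be checked mechanically by a mail filter or help desk. The sketch below is an added example, not code from LinkedIn or the BBC; the function names, the sample messages and the choice to count bare URLs as links are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Assumption: bare URLs count too, since most mail clients make them clickable.
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collects link targets (href/action attributes) from an HTML part."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action") and value:
                self.links.append(value)

def live_links(raw_message):
    """Return the sorted, de-duplicated link targets in the text/HTML parts."""
    msg = message_from_string(raw_message, policy=default)
    found = set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue  # skip multipart containers and other attachments
        body = part.get_content()
        if ctype == "text/html":
            collector = LinkCollector()
            collector.feed(body)
            found.update(collector.links)
        found.update(URL_RE.findall(body))
    return sorted(found)

def matches_described_format(raw_message):
    """True only when the message carries no live links at all."""
    return not live_links(raw_message)

# Constructed sample messages (not real LinkedIn or scam emails).
NO_LINK_NOTICE = ("From: notice@example.invalid\nSubject: Your password\n"
                  "Content-Type: text/plain; charset=utf-8\n\n"
                  "Your password is no longer valid. Open the site yourself "
                  "and request password assistance.\n")
LINKED_WARNING = ("From: notice@example.invalid\nSubject: Warning\n"
                  "Content-Type: text/html; charset=utf-8\n\n"
                  '<p>Confirm <a href="http://example.invalid/reset">here</a></p>\n')

if __name__ == "__main__":
    for name, raw in (("notice", NO_LINK_NOTICE), ("warning", LINKED_WARNING)):
        print(name, matches_described_format(raw), live_links(raw))
```

A message that passes this check is not thereby genuine; the check only flags "warning" emails that break the described format.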