Both LinkedIn and security experts advised Wednesday that LinkedIn users change their passwords as soon as possible.
LinkedIn is continuing to investigate the situation and is pursuing next steps for the compromised accounts.
They advised users who receive an email from LinkedIn about resetting their password to make sure it is really from LinkedIn and not a phishing attempt, which will ask you to click on a link or to cut and paste an enclosed URL into your Internet browser to confirm your email address.
The latest update from LinkedIn said that none of the 6.5 million user passwords that were stolen and published on a website have been used to get into member accounts.
LinkedIn director Vicente Silveira wrote on his blog (June 9, 2012):
By now, many of you have read recent headlines reporting that 6.5 million LinkedIn hashed passwords were stolen and published on an unauthorized website. We take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime. As you may have heard, there have been reports of other websites that have suffered similar thefts. We want to be as transparent as possible while at the same time preserving the security of our members without jeopardizing the ongoing investigation. In this post, we want to address questions we’ve been receiving and share what we’ve learned so far about the incident, how we’ve responded, and what we’re doing to protect our members going forward.
First, it’s important to know that compromised passwords were not published with corresponding email logins. At the time they were initially published, the vast majority of those passwords remained hashed, i.e. encoded, but unfortunately a subset of the passwords was decoded. Again, we are not aware of any member information being published at any time in connection with the list of stolen passwords. The only information published was the passwords themselves.
Last Wednesday, he wrote:
We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.
We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.
Steps on how to change your password at LinkedIn:
- Log into LinkedIn.
- You should see your name in the top right-hand corner of the webpage. Click on it, and you will open a drop-down menu. Choose "Settings".
- Choose the option to change your password.
- After entering your old password, you will have to enter your new (hopefully unique and hard-to-crack) password twice.