Should I be worried if my LinkedIn account has been hacked?
The answer to this question depends on another important question; do I use the same password on any other websites?
If the answer to this second question is Yes, then you should seriously consider logging into any other sites that you have used that same password for and changing it there to something not related or a variant (i.e. do not simply add 1 to the end). As well as changing the account password for LinkedIn now that this has been compromised (you can check if your account has been compromised here).
It may not be the worst thing if your LinkedIn account is compromised, but you need to make sure that you haven’t let anyone gain access to your other sites, some which may be more critical. Generally users do not reveal any financial information within their LinkedIn profile. However a hacked account could get its connections removed which is troublesome if you wish to re-connect with your contacts. We recommend exporting the list of your LinkedIn contacts as a backup from their page here.
As you may have read in the news, LinkedIn’s password list was recently compromised by hackers (in addition to other high profile web sites).
Although the passwords were stored in a hashed form – hashing refers to converting a word into a longer series of unrelated characters to hide the word from being stored in plain text - on LinkedIns servers, hackers have been able to reverse engineer the hashed version back into the original words and therefore search the list for any other users with the same hash (and therefore the same password). For instance if you used ‘linked123′ as your password, once this was retrieved from the list of hashed password entries it is possible to easily find any other users who also use this as their password. It has emerged that ‘link’ and other variants such as ‘linked’ were among the most popular words in the passwords published.
We recommend not using words in your passwords, but rather a random string of characters. This brings with it its own challenges in that by their very nature these passwords are not memorable. We also recommend using a different password for each web login you use.
In order to make this workable in reality we need to use a program to store these random passwords for us. 1Password and LastPass are our current recommendations to achieve this. Both programs work on Mac, Windows, Apple iOS and Android devices and will automatically fill in the password for you when you land on a website.
There are a few steps to take when switching to using these type of programs; you ideally want to login and change your old ‘poor’ passwords and tell your program the new password (which it can randomly generate for you). All your passwords are then stored in a database and are available to you from any browser or from your mobile devices.
If you require any assistance with the strengthening of your password setup or in the transition to a password manager, please contact us.