Over 6.4 million LinkedIn members’ passwords have been leaked, and an investigation into the suspected data breach is underway. Here’s how to tell if your account has been compromised, and what to do if it has.
LinkedIn engineer Vicente Silveira has confirmed via his official LinkedIn blog that the professional network is continuing to investigate the situation.
Silveira says members affected by the breach can no longer enter the site unless they reset their invalid passwords. He said users should follow these steps if their account has been compromised:
- Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
- These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
- These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.
Members not affected by the breach are also advised to update their passwords in order to benefit from the enhanced security that LinkedIn has recently implemented.
Internet security service provider Trend Micro says that, with the popularity of social media growing, the incident is a timely warning for people and reaffirms that users should have different passwords for all their social media accounts or risk identity theft.
A spokesperson for Trend Micro said: “Many people make all their social media passwords either the same or one of three options so we can remember them, but if a cyber criminal breaks into one access point and then rolls over to others, there is a big chance of identity theft.”
With this in mind, Silveira offers the following account security and privacy best practices to help with crafting a strong password:
- Don’t use the same password on all the sites you visit.
- Don’t use a word from the dictionary.
- Select strong passwords of 10 or more characters that can’t easily be guessed.
- Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
- Randomly add capital letters, punctuation or symbols.
- Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”).
- Never give your password to others or write it down.