Password Breach Prompts Quick Action from LinkedIn
Action to Take: Out of an abundance of caution, Socialware recommends that all LinkedIn users change their LinkedIn passwords immediately.
Yesterday, LinkedIn confirmed that some of its accounts’ passwords had been compromised. LinkedIn did not say how many members were affected, but earlier reports from outside the company put the number between 6 and 7 million. No Socialware software was affected by this breach, and to our knowledge no Socialware users had their LinkedIn accounts compromised.
Although there has been no sign that criminals took advantage of this breach, LinkedIn has apologized and taken immediate steps to secure the compromised accounts. Affected users will receive e-mails from LinkedIn telling them what to do, including setting a new password the next time they use LinkedIn.
Note that, based on its security protocols, LinkedIn will never send e-mails to users asking them to click a link to reset their passwords. E-mails purporting to be from LinkedIn that contain such links are malicious — and should be treated as such.
Password Security: Best Practices
As a matter of ongoing security hygiene, we recommend that your organization follow these practices:
- Use strong passwords. Extensive security research — confirmed by previous password breaches that were made public — reveals that far too many end users employ trivial passwords such as “password” or “abc123.”
- Use different passwords for different services. If you use “p4ssW0rD” for LinkedIn, use “P455*w0Rd” for Facebook.
- Don’t write down passwords. (Especially not on a sticky note on your desk.)
- Change passwords regularly. We recommend reminding your users to change all of their passwords at least quarterly.
For more information, consult these resources:
- LinkedIn Blog — An Update on LinkedIn Member Passwords Compromised
- LinkedIn Blog — Updating Your Password on LinkedIn and Other Account Security Best Practices
- Sophos Ltd. Naked Security Blog — Millions of LinkedIn passwords reportedly leaked – take action NOW
- University of Texas Information Technology Services — Keep Safe with Strong Passwords