[Infowarrior] - LinkedIn passwords reportedly compromised

Richard Forno rforno at infowarrior.org
Wed Jun 6 09:37:25 CDT 2012


Unscrewing Security

Alec Muffett

http://blogs.computerworlduk.com/unscrewing-security/2012/06/if-it-turns-out-that-linkedin-passwords-have-leaked/index.htm

If it turns out that LinkedIn passwords have leaked...

...here's what you should do

Published 12:31, 06 June 12

Rumours are circulating on the net that a database of hashes of LinkedIn passwords has been published on a Russian hacker site.

I cannot confirm this but if the article referred to above is correct then there is a risk to LinkedIn users; password cracking software such as Hashcat can be brought to bear on the problem, and passwords that are derived from common words and phrases - or which are just too short - can and will be broken.

I'll write more soon, but in the meantime:

	• Choose a new password - a short phrase, make it twelve or more characters long; don't worry too much about making it look random but instead make it long-and-memorable and use proper spacing and (perhaps) punctuation.

	• See this famous cartoon for a technical explanation, but don't reuse the password it suggests.

	• Change your LinkedIn password to the new password.

	• IMPORTANT: Finally, think of all the other accounts you have - e-mail, Gmail, Instant Messenger, Skype... which use the same password. Change all of them, too - ideally use different new passwords for each one.

The reason for the final step is that someone can easily cross-correlate your e-mail address from your LinkedIn login to (say) Skype, and use the (assuming this is all true) old LinkedIn password database to break into that.

This would be very unfortunate, but quite easy to achieve.

We now return you to your natural state of paranoia; updates will be posted here as/when events warrant.


