Do yourself a favor, don't check if your password was leaked. Ever.

Don't check if your password was leaked on some random Web site, simply change it.

Earlier today rumors started sweeping across the Internet that LinkedIn account passwords had been leaked online. A few hours later, LinkedIn confirmed that the rumors were true; millions of account passwords had been compromised and posted online.

Screenshot by Jason Cipriani/CNET

Almost just as fast as the story started spreading, a link to LeakedIn.org was being passed around as a way to check if your password was leaked in the security breach. To figure out if you're affected, LeakedIn requires you to enter your account password. Your password is then converted to its SHA-1 equivalent and then is compared to the list of leaked passwords.

A red light means your password appears on the list, a green light means you are in the clear. At least, in theory.

Before you jump at the chance to check your password, ask yourself if it's really a good idea to enter your password on some random Web site. The answer should be an unequivocal no. You have no idea what is really being done with the information you enter.

In the case of LeakedIn, when you enter your password on the site, JavaScript is used to convert your password to SHA-1, all done locally, before cross-referencing your password. This post over on ZDNet details the process a bit more, and may help put your mind at ease should you decide to enter your password.

Instead, do yourself a favor, don't check to see if your password was leaked. Don't pass go. Don't collect $200. Go directly to your account settings and change your password, just to be safe. If you use that same password on more than just your LinkedIn account, go and change those account passwords as well.

LinkedIn has stated the passwords for accounts associated with the leak have been invalidated. A series of e-mails will be sent to those members affected with further explanation of what steps need to be taken.

I'm sure LeakedIn was built with every honest intention of helping fellow LinkedIn users. However good-willed its foundation may be, stay clear. It's good practice and good ol' technology common sense.

Updated June 6, 2012 to include information about how LeakedIn handles your password.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Mac running slow?

Boost your computer with these five useful tips that will clean up the clutter.