X

What to do if your LinkedIn password is hacked

LinkedIn confirms a breach of millions of passwords. Now's the time to think about the security of all your online accounts.

Donna Tam Staff Writer / News
Donna Tam covers Amazon and other fun stuff for CNET News. She is a San Francisco native who enjoys feasting, merrymaking, checking her Gmail and reading her Kindle.
Donna Tam
2 min read

Update, 1:23 p.m. PT: Updated with LinkedIn's confirmation.

News of millions of LinkedIn passwords leaked through a user on a Russian forum is scary enough. It's important not to let the situation get worse. Be proactive about protecting your other accounts, particularly if you have the same password for all your accounts.

If that's the case, it's time to change them, Jeremiah Grossman of WhiteHat Security said in an e-mail to CNET.

He offered a few tips, via a blog post on how not to get hacked on the Web.

"You wouldn't have the same key for your home, car, office, safe, etc.," Grossman wrote. "For the same reason you shouldn't use the same password for all your online accounts."

He recommends picking passwords that are hard to guess, not found in the dictionary, six characters or more in length, and that have a mix of numbers and letters. Two examples are y77Vj6t or JX0r21b.

Since having multiple passwords can be hard to remember, you can write down the passwords on a piece of paper that fits in your wallet or on index cards that can be locked in your desk. Or, you can use a password manager, which is software that stores your password and encrypts the data Grossman says.

Chris Wysopal, of Veracode, said it's also good to keep a password manager, like the Password Wallet app, on your phone so you can access them easily if you are away from your computer. Additionally, he said it's important to change passwords if they have similar patterns. For instance, he said one of the hacked passwords he saw was "scottlinkedin" which could potentially be a security risk for Scott's other accounts.

"Someone might go to Facebook and try 'scottfacebook,'" he said. "It's good to have unique passwords for each one, but the pattern is so obvious, it's good to change the other passwords."

Prior to confirming the breach, LinkedIn offered similar advice on its blog, adding that passwords should be changed frequently, at least once a quarter or every few months.