LinkedIn disables passwords in wake of Gawker attack

LinkedIn is disabling passwords of users whose e-mail addresses were included in the customer data that was exposed in an attack on the Gawker blog sites.

The professional-networking site is taking this action to prevent any of its customers from having their LinkedIn accounts hijacked in the event that they used the same password that they used on any of the Gawker sites.

"There is no indication that your LinkedIn account has been affected, but since it shares an e-mail with the compromised Gawker accounts, we decided to ensure its safety by asking you to reset its password," the company said in an e-mail to users today.

To reset your LinkedIn password, go to the Web site and click on "Sign In" and "Forgot Password?" and follow the directions.

Gawker's Web site and back-end database were compromised, and passwords, usernames, and e-mail addresses for about 1.3 million user accounts were posted on the Pirate Bay Bit torrent site over the weekend. The passwords were encrypted with technology. However, weak passwords can easily be cracked by brute force attacks. (To find out how to check if you are at risk and get more details about the incident read this FAQ.)

People who use the same password on multiple sites are at risk of having their accounts on those other sites compromised. This happened already on Twitter, with some accounts being used to send spam shortly after the Gawker breach was publicized.

Security experts urge people to choose strong passwords, to change them often and to not use the same password on multiple sites.

Update December 15 at 9:46 a.m. PT Yahoo has asked some of its e-mail users to reset their passwords but did not say it was related to Gawker while World of Warcraft developer Blizzard Entertainment said outright that it reset user passwords because of the Gawker breach, according to All Things Digital.