Those of you who use LinkedIn might want to beef up your security.
On May 18, the professional-networking site said that more than 100 million members' email and password combinations stolen during a 2012 data breach had just been posted online. In the same breach, hackers stole a separate set of 6.5 million encrypted passwords, which they publicly released that year.
On Wednesday, LinkedIn emailed its members to explain what it's doing and what its members should do. The company said member email addresses, hashed passwords and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012 had been compromised. In response, LinkedIn invalidated the passwords of all accounts that were created prior to the 2012 breach and whose passwords had not been reset since that year.
Cyberattacks against websites are nothing new but have ramped up in recent years as hackers find new ways to exploit security holes. Hackers often sell stolen customer data on the black market, and hacked sites are forced to acknowledge and upgrade their vulnerable security methods. Users have to change their passwords and worry about personal data ending up in the wrong hands.
LinkedIn users can take steps to beef up their account security by setting up a strong password and implementing two-factor authentication, which provides an extra level of protection. Here's how to do both via LinkedIn's website:
Change your password
- Log in to your LinkedIn account (if you've forgotten your password, click on the ? next to the password field, and LinkedIn will send you a link to change it).
- After you've signed in to the site, hover over your thumbnail photo in the upper right corner, and a menu called Account & Settings should pop up. At that menu, click on the Privacy & Settings option.
- Your account page should appear. Click on the option to Change password. Type your current password in the first field, then type your new password in the second and third fields.
- Try to use a strong password. You can use an alphanumeric password that mixes letters and numbers. You can use a short multiword phrase, such as "There's-no-place-like-home." Another option is to purchase a password generator such as RoboForm or LastPass, which automates the process of creating, remembering and applying passwords.
- Click the Save button. You'll now use your new password to sign in to LinkedIn.
OK, let's say you want to take security a step further and set up two-step verification. This security method uses verification codes sent to your mobile phone, which you then enter at the website.
Set up two-step verification
- From your LinkedIn home page, hover over your thumbnail photo in the upper-right corner, and a menu called Account & Settings should pop up. Then, click on the Privacy & Settings option.
- At your account page, click on the Privacy category at the top. Scroll down to the Security section and click on the option for Two-step verification.
- Add your phone number if requested. Enter your password. Then type the verification code you receive on your mobile phone and click on Verify.
- Go back to the Privacy section and again scroll down to the Security section and click on the option for Two-step verification. Click on the link to Turn on. Again, enter your LinkedIn password. And again, enter the verification code sent to your mobile phone and click on Verify.
- Each time you sign in to your LinkedIn account, the site will send a verification code to your phone. Simply enter that code at the Two-Step Verification page to log in.
Using a strong password and two-step verification may be cumbersome steps, but they can help protect your account credentials from being used by the wrong people.