ADVISORY – after the LinkedIn Hack – Protect your account and be cautious
After the LinkedIn Hack
Protect your account and be cautious
LinkedIn said it is working with the FBI to investigate a cyber attack in which 6.5 million of its users’ passwords were stolen.
The company told the Los Angeles Times that it is working with the agency, after saying on its blog that it was cooperating with law enforcement to learn more about the recent hacking.
eHarmony and Last.fm have also confirmed attacks.
The aftermath of the LinkedIn breach may affect more than just your password. A few points to be aware of after the leak of more than 6.5 million LinkedIn password hashes:
* If you have not changed your password, do so immediately. It only takes a minute. Use upper and lowercase letters mixed with numbers and symbols; the more random the better. If you used the same password on any other site, change it there too, since a password recovered from the leaked hashes will be tried against other services. See: How to Change Your LinkedIn Password
* Do not believe emails purportedly from LinkedIn asking you to click a link to verify your account (see http://www.bbc.co.uk/news/technology-18351986 for an example). If you want to change your password, type the LinkedIn address into your browser yourself rather than following a link in an email. As per the official notice from LinkedIn:
“Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid,” said LinkedIn director Vicente Silveira, confirming that a breach had occurred.
He added: “These members will also receive an email from LinkedIn with instructions on how to reset their passwords.
“These affected members will receive a second email from our customer support team providing a bit more context on this situation and why they are being asked to change their passwords.”
Read the official statement from LinkedIn: “Updating Your Password on LinkedIn and Other Account Security Best Practices”
* Be cautious of invites to connect from random strangers: check out the account and profile – over the past 12 hours we’ve seen many new accounts with an obviously faked image or an image of an object rather than a person, misspellings, zero connections, etc.
* Be very cautious with regard to unsolicited offers of employment, business inquiries, or offers to “buy” what your current company sells. These may request personal information, or redirect to a website that does the same.
* Check your profile, outgoing messages, and messages in groups you manage to make sure that no messages you did not write have been sent from your account.
* If a request, message or profile looks suspicious, do not respond and report it. LinkedIn makes it easy to do this via the “Flag” icon on profiles, messages, and in group discussions.
In an updated message on its blog, LinkedIn states:
“Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published.
To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event.
Since we became aware of this issue, we have been taking active steps to protect our members. Our first priority was to lock down and protect the accounts associated with the decoded passwords that we believed were at the greatest risk. We’ve invalidated those passwords and contacted those members with a message that lets them know how to reset their passwords.”
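The statement above says most of the posted hashes "remain hashed and hard to decode" while a subset "was decoded", and the first point in the list above asks for a random password. The script below is an added illustration of why both are true; it is not part of the original advisory or LinkedIn's own tooling. It assumes the list consists of unsalted SHA-1 hashes (the format the 2012 list was widely reported to use), and every hash, wordlist entry and mangling rule in it is constructed here, not taken from the leak. A dictionary attack recovers the three weak passwords in seconds and never touches the random one; a second function shows how to check your own password against such a list locally, without sending the password anywhere.

```python
import hashlib

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password, hex encoded (the assumed format of the posted list)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Constructed stand-in for the posted hash list: four hashes built here from
# three weak passwords and one random one. None of these come from the real dump.
LEAKED_HASHES = {
    sha1_hex(p) for p in ("linkedin", "password1", "Summer2012", "j3$Kq!9xVwL0#mT")
}

# A tiny dictionary and the mangling rules a cracker applies to it
# (capitalise, append a digit, a year, a symbol). Real wordlists hold millions of entries.
WORDLIST = ["password", "linkedin", "summer", "welcome", "qwerty"]
SUFFIXES = ["", "1", "123", "2012", "!"]

def candidates(words=WORDLIST, suffixes=SUFFIXES):
    """Yield every word / capitalisation / suffix combination as a guess."""
    for word in words:
        for base in (word, word.capitalize()):
            for suffix in suffixes:
                yield base + suffix

def crack(leaked_hashes, words=WORDLIST):
    """Offline dictionary attack: hash each guess and look it up in the leaked set.

    Returns {hash: recovered_password}. Because the hashes are unsalted, one SHA-1
    computation per guess tests that guess against every hash in the list at once.
    """
    recovered = {}
    for guess in candidates(words):
        digest = sha1_hex(guess)
        if digest in leaked_hashes:
            recovered[digest] = guess
    return recovered

def is_leaked(password, leaked_hashes):
    """Check a password against the list locally, so the password never leaves your machine."""
    return sha1_hex(password) in leaked_hashes

if __name__ == "__main__":
    hits = crack(LEAKED_HASHES)
    tried = sum(1 for _ in candidates())
    print(f"tried {tried} guesses, recovered {len(hits)} of {len(LEAKED_HASHES)} hashes")
    for digest, pw in hits.items():
        print(f"  {digest}  {pw}")
    print("random password recovered:", sha1_hex("j3$Kq!9xVwL0#mT") in hits)
```

The random password stays in the "hard to decode" subset only because no wordlist rule produces it; a password built from a dictionary word plus a year is recovered by the same loop that recovers "password1". The local check in `is_leaked` is the safe way to answer "was my password in the list": you hash it yourself and compare, rather than typing it into a third-party web form.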