Mainstream news sites such as the BBC are reporting Wednesday that Russian hackers have cracked into the professional networking site LinkedIn and are posting users’ encrypted passwords to the Web.
Although unconfirmed by LinkedIn, security experts believe reports of the hack to be credible.
Security researcher Graham Cluley told the BBC, “Our advice is to change your LinkedIn password. And if you use the password on other accounts change it there too.”
This revelation comes on the heels of press reports that LinkedIn’s mobile app was “leaking” calendar entries of users. Apparently that only impacted iOS apps (iPhone, iPad) and only those users who opted into viewing their personal calendar entries within the app.
Current reports are that some 6.5 million LinkedIn passwords are now posted on the Web. Twitter users are feverishly reporting that they have their personal passwords online. That is not confirmed.
Experts stressed that this hack underlines the fragility of online databases and the need for hardening the perimeters.
June 7, 2012 - Update: Reports of phishing emails sent to LinkedIn users have been mounting. The emails inform users of the security breach, and asks them to click through to change their LinkedIn password.
Advice from experts is to delete such email unread. LinkedIn has told media outlets it will be sending out official instructions on how to change passwords - but if in doubt about the authenticity of such emails, just delete them.
An easy way to change a LinkedIn password is go to the site; in the search box in the top right corner, enter CHANGE PASSWORD. You'll be asked to log in. Then follow the simple directions.