Change Your LinkedIn Password and Discard It

In case you haven’t heard, someone stole the unsalted hashes of passwords for the LinkedIn website. 6.5 million of them! The hashes are just that- hashes of passwords, but crowds of hackers are already cracking and posting the true passwords online. No usernames, mind you, but the passwords are, for all intents and purposes, permanently unusable now. Why? Because those hashes are now known, and these hashes will be added to master lists of hashes called “Rainbow Tables.”

And should that hash exist elsewhere in another online account- say for your favorite travel website, or team collaboration site, or dating site, or any other personal login elsewhere- should that hash ever get exposed, hackers will instantly know the true unencrypted cleartext password for your hash.

So if you are a LinkedIn user, change your password if you haven’t already done so. Then think and identify everywhere else you use that password and change those passwords too. Those 6.5 million passwords should be considered toxic if used anywhere else from now on.

You can even use the “LeakedIn” website here to see if any other passwords you commonly use have been exposed by the breach. Visit Shiflett’s blog post here to learn more about the online password checker.

Finally, as a best practice, you should never use the same password for all of your online services accounts. And whatever you do, make sure any online services account such as the ones for facebook, twitter, and LinkedIn, don’t match the passwords used for internal corporate and other secure accounts.