Six million LinkedIn passwords appear to have been stolen. Security experts are warning that your LinkedIn account could be compromised, and have advised all users to change their password.
It seems that a Russian hacker posted 6,458,020 unsalted password hashes on a forum and invited hackers to help crack them. The file does not appear to contain associated email addresses, but they could be in the hands of cyberwrong'uns separately.
The 6 million passwords make up about 4 per cent of LinkedIn's 160 million users. As LinkedIn has a paid premium option, it's possible hackers could log in to access your credit card information.
LinkedIn has yet to confirm or deny that a breach has taken place, tweeting, "Our team continues to investigate, but at this time, we're still unable to confirm that any security breach has occurred." Researchers at online security experts Sophos say they've found LinkedIn passwords in the file, however.
Sophos' Graham Cluley suggests you should change your LinkedIn password as a precautionary step. "Make sure that the password you use is unique -- in other words, not used on any other websites -- and that it is hard to crack," he advises. "If you were using the same passwords on other websites, make sure to change them too -- and never again use the same password on multiple websites."
Quite how you're supposed to remember hundreds of different passwords is beyond me. Gotta have a system, I suppose. To change your password, log in to your LinkedIn account. Click on your name in the upper right corner, click the link for Settings, and hit the Change link next to Password. Enter your old password and then create a new one, unique to LinkedIn.
Funnily enough, this isn't the only privacy headache LinkedIn has faced today: a new calendar sync feature has also proved controversial. The feature syncs your calendar to LinkedIn in order for you to see information about the people you're meeting with, pulled from their LinkedIn profile. LinkedIn has responded to criticism by ditching the sync option for the notes section of the meeting, as well as denying that information was sent unencrypted.
You can turn the calendar sync off if that bothers you. It's an opt-in feature though, so if you haven't turned it on it won't affect you.