Data breach or not, changing your LinkedIn password is a smart idea

According to various published reports, LinkedIn is looking into a data breach where the bad guys made off with millions of passwords. True or not, it’s another reminder that we should change all our passwords regularly.

One such report on the breach comes from Business Insider, which reported that “6.5 million encrypted LinkedIn passwords have leaked, reports Norwegian IT site Dagens IT (found via The Next Web). The passwords were shared via a Russian hacker site, and security researcher Per Thorsheim confirms that the leak is legit.”

Another report in Sophos’ Naked Security blog says:

“A file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them. Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals.

“Investigations by Sophos researchers have confirmed that the file does contain, at least in part, LinkedIn passwords. As such, it would seem sensible to suggest to all LinkedIn users that they change their passwords as soon as possible as a precautionary step. Of course, make sure that the password you use is unique (in other words, not used on any other websites), and hard to crack.

“If you were using the same passwords on other websites — make sure to change them too. And never again use the same password on multiple websites.”

I’ve changed my password. You should do the same.