LinkedIn Hack FAQ: What You Need To Know

07.06.2012

LinkedIn users awoke to a nasty surprise today as word spread that and leaked passwords for nearly 6.5 million user accounts. LinkedIn didn't acknowledge the hack until midday Wednesday afternoon, when the company finally confirmed that a certain number of member passwords had indeed been compromised.

A user on a public Russian forum is taking credit for the hack, but no one has been able to verify if he or she is really behind this whole mess.

We don't know when the hack took place, but , the hackers posted the data over the course of three days.

The user posted approximately 6.5 million hashed passwords to the forum, and according to security software firm Sophos, at least have already been cracked. Thus far no usernames have been released, which either can mean that the hackers didn't manage to download them or they are keeping the usernames for themselves. Either way, that's a lot of leaked private data.

Yes and no. The passwords were all hashed using SHA-1 and so they won't be readable without the right software. Unfortunately isn't entirely foolproof so it could only be a matter of time before all 6.5 million passwords are cracked and converted into plaintext. Since we don't know whether or not the hackers have usernames as well, it's best to assume the worst and consider your account hacked.

For one thing, hackers would have control of your account and contacts. If you use the same username and password combo on other sites, then there is a risk that those accounts are now compromised as well.

LinkedIn hasn't said anything about whether any financial information associated with LinkedIn pro accounts was compromised, so we don't yet know for certain. In either case, you should always keep a close eye on your financial statements to make sure that nobody is using your accounts without your authorization.

In a blog post, LinkedIn says that it will email all the users whose accounts were affected by the hack and give them instructions as to what to do next. The company warns that you should not click on any email links asking you to change your password, as that could be someone attempting to steal your information.

If you used the same password or username on other websites (which you really shouldn't do), it might be a good idea to good ahead and change those for good measure. If you need help in building a better password, check out our on the matter.

For still more tips, see if you ever become a victim of a data breach. So change your passwords, don't click on any suspicious links, and stay safe out there, folks.