LinkedIn Confirms Breach; How to Tell if Your Account Was Compromised and What to Do

Further to the post earlier today about passwords at LinkedIn being hacked, LinkedIn has issued the following update:

Our security team continues to investigate this morning’s reports of stolen passwords. At this time, we’re still unable to confirm that any security breach has occurred. You can stay informed of our progress by following us on Twitter @LinkedIn and @LinkedInNews.

While our investigation continues, we thought it would be a good idea to remind our members that one of the best ways to protect your privacy and security online is to craft a strong password, to change it frequently (at least once a quarter or every few months) and to not use the same password on multiple sites. Use this as an opportunity to review all of your account settings on LinkedIn and on other sites too. Remember, no matter what website you’re on, it’s important for you to make sure that you protect your account security and privacy.

Here are some account security and privacy best practices that we recommend for our members:

    Changing Your Password:

  • Never change your password by following a link in an email, since those links might be compromised and redirect you to the wrong place.
  • You can change your password from the LinkedIn Settings page.
  • If you don’t remember your password, you can get password help by clicking on the Forgot password? link on the Sign in page.
  • In order for passwords to be effective, you should aim to update your online account passwords every few months or at least once a quarter.

Creating a Strong Password:

  • Variety – Don’t use the same password on all the sites you visit.
  • Don’t use a word from the dictionary.
  • Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
  • Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
  • Complexity – Randomly add capital letters, punctuation or symbols.
  • Substitute numbers for letters that look similar (for example, substitute “0″ for “o” or “3″ for “E”.
    Never give your password to others or write it down.

A few other account security and privacy best practices to keep in mind are:

  • Sign out of your account after you use a publicly shared computer.
  • Manage your account information and privacy settings from the Profile and Account sections of your Settings page.
  • Keep your antivirus software up to date.
  • Don’t put your email address, address or phone number in your profile’s Summary.
  • Only connect to people you know and trust.
  • Report any privacy issues to Customer Service.

Not a bad time to change the passwords on your other accounts. If you use Google, consider enabling Google’s two-factor authentication, especially if you are using it for your law practice. See instructions on how to do this here.

You could also consider using a password manager like LastPast. It is a cross-platform and device tool that will safely store and remember passwords for you, thereby making it easier to use different and stronger passwords for your various accounts.

Comments

  1. A posting from FMC Law elaborates on why now is not a bad time to change the passwords on your other accounts.
    http://www.datagovernancelaw.com/potential-password-breach-your-response-wont-stop-with-one-account
    That posting conveys a greater sense of urgency in this regard than does LinkedIn’s news update.

  2. Any comments on using lastpass on an ipad or android phone? I’ve seen mixed comments, and it seems that to do that it costs a $12 annual fee.