 "How To Protect Your LinkedIn Account")
LinkedIn is investigating reports that approximately 6.4 million user passwords have been posted on the Web and they have acknowledged on their Twitter feed that their investigations have begun.
Websense Security Labs (Websense) lists out some recommendation for LinkedIn users to help keep their account secure. Websense recommends that you change your password immediately to help prevent your password from falling into the wrong hands.
According to Websense, after retrieving the password files that are being distributed on forums in the .ru TLD space, it appears that the passwords are hashed. However, based on samples seen by them, it has not been computationally difficult to translate them into clear text.
It is uncertain how the hackers retrieved the stolen passwords; however, the passwords that users are finding in the hashed files do appear to be real.
So how can this list of stolen passwords be used by a hacker? According to Websense:
The most potentially damaging combination would be using the corresponding username in conjunction with the stolen password. With this combination, you can imagine how a hacker may access an individual’s LinkedIn account.
Once access to LinkedIn is obtained, or any social network for that matter, it could be possible to send direct messages to contacts within the network or to potentially auto-post on related social networks, thus harming the reputation of the individual or the business they may represent.
Now that hackers have a long list of potential passwords used, brute force attacks could become easier to conduct as a result of having this intelligence.
Even if these reports remain unconfirmed, it is definitely a good time to adopt sound practices around password security to help protect against malicious activity.
Websense offers the following recommendations:
Change your password regularly.
Ensure your password is suitably complex both in content and length; using a combination of numeric and alphabetic characters is a wise idea, as is mixing upper and lowercase characters with punctuation marks. Longer passwords are preferable.
Do not use the same password across multiple services.
If the website you are connecting to has the option of using the HTTPS protocol, as opposed to HTTP, make use of that.
 "Microsoft-owned LinkedIn is firing over 650 people, total tally this year crosses well over 10,000")
 "'Frozen in time': Zolo co-founder Nikhil Sikri shares his plight in Bengaluru traffic")
 "LinkedIn deletes youngest SpaceX engineer Kairan Quazi's account; here's why")
 "Man working for Deloitte praises Hitler on LinkedIn, faces backlash")
 "Microsoft-owned LinkedIn is firing over 650 people, total tally this year crosses well over 10,000")
 "'Frozen in time': Zolo co-founder Nikhil Sikri shares his plight in Bengaluru traffic")
 "LinkedIn deletes youngest SpaceX engineer Kairan Quazi's account; here's why")
 "Man working for Deloitte praises Hitler on LinkedIn, faces backlash")