 "How To Protect Your LinkedIn Account")
LinkedIn is investigating reports that approximately 6.4 million user passwords have been posted on the Web and they have acknowledged on their Twitter feed that their investigations have begun.
Websense Security Labs (Websense) lists out some recommendation for LinkedIn users to help keep their account secure. Websense recommends that you change your password immediately to help prevent your password from falling into the wrong hands.
According to Websense, after retrieving the password files that are being distributed on forums in the .ru TLD space, it appears that the passwords are hashed. However, based on samples seen by them, it has not been computationally difficult to translate them into clear text.
It is uncertain how the hackers retrieved the stolen passwords; however, the passwords that users are finding in the hashed files do appear to be real.
So how can this list of stolen passwords be used by a hacker? According to Websense:
The most potentially damaging combination would be using the corresponding username in conjunction with the stolen password. With this combination, you can imagine how a hacker may access an individual’s LinkedIn account.
Once access to LinkedIn is obtained, or any social network for that matter, it could be possible to send direct messages to contacts within the network or to potentially auto-post on related social networks, thus harming the reputation of the individual or the business they may represent.
Now that hackers have a long list of potential passwords used, brute force attacks could become easier to conduct as a result of having this intelligence.
Even if these reports remain unconfirmed, it is definitely a good time to adopt sound practices around password security to help protect against malicious activity.
Websense offers the following recommendations:
Change your password regularly.
Ensure your password is suitably complex both in content and length; using a combination of numeric and alphabetic characters is a wise idea, as is mixing upper and lowercase characters with punctuation marks. Longer passwords are preferable.
Do not use the same password across multiple services.
- If the website you are connecting to has the option of using the HTTPS protocol, as opposed to HTTP, make use of that.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
