Over six million LinkedIn passwords were posted to a hacking forum on Monday June 4th – with an open invitation to decrypt them.
Do you use LinkedIn? Do you also use that LinkedIn password on any other site… banking, or at work, or on Twitter or WordPress?
Go change that password, now.
In fact, attackers may have already decrypted the passwords, and they may also have users’ passwords and email addresses. “Although the data which has been released so far does not include associated email addresses, it is reasonable to assume that such information may be in the hands of the criminals,” said Graham Cluley, senior technology consultant at Sophos, in a blog post.
The Computer Emergency Response Team of Finland (CERT-FI) Wednesday warned that many more than the 6,458,020 uploaded password hashes are likely to have been obtained by attackers. “Not all LinkedIn passwords have been published, but it is likely that an attacker is in possession of the rest of the passwords,” it said.