06-06-2012, 15:30 | #1 |
Absinthe
Join Date: Jan 2007
Location: Cambridge
Posts: 2,539
Change your LinkedIn password
06-06-2012, 15:50 | #2 |
Moonshine
Join Date: Sep 2007
Location: Southampton
Posts: 3,201
FFS I only signed up about a month ago because people at work were pestering me.
06-06-2012, 16:55 | #3 |
Long Island Iced Tea
Join Date: Mar 2009
Location: Thurrock, Essex
Posts: 103
Rather annoying. I'd like to know that the hole is patched before I change the password, though; other sites will be done though.
06-06-2012, 20:16 | #4 |
Screaming Orgasm
Join Date: Jul 2006
Location: Newbury
Posts: 15,194
Change it to something temporary (and not used elsewhere) until it's confirmed patched - otherwise you could be going around in circles.
Thankfully the passwords are encrypted, which is a step in the right direction from previous disclosures at least. It's now down to how easy they are to crack. Provided you used a strong password (i.e. not one that can be cracked with a dictionary attack), and they used a sufficiently strong hash (at least SHA-1), then you'll be OK, but better to change it anyway.
06-06-2012, 21:47 | #5 |
Preparing more tumbleweed
Join Date: Jun 2006
Location: Hawaii
Posts: 6,038
Encryption / hashing is next to useless without salting, which is what LinkedIn haven't done. Good explanation here: http://www.standalone-sysadmin.com/b...s-compromised/
Mal: Define "interesting"? Wash: "Oh, God, oh, God, we're all gonna die"?
06-06-2012, 23:15 | #6 |
Goes up to 11!
Join Date: Jul 2006
Posts: 4,577
FFS, it's not like this is a company listed on the exchange or anything. There needs to be BIG fines for pathetic password storage policies in the modern age.
IIRC there is a part in the DPA about ensuring users' information is sufficiently protected?
07-06-2012, 00:26 | #7 |
Preparing more tumbleweed
Join Date: Jun 2006
Location: Hawaii
Posts: 6,038
Under the laws in the US they'll be required to include the details of the hack in their annual filings. Next shareholder meeting promises to be interesting.
Mal: Define "interesting"? Wash: "Oh, God, oh, God, we're all gonna die"?
07-06-2012, 14:53 | #8 |
Bananaman
Join Date: Jul 2006
Location: Liverpool/Edinburgh
Posts: 4,817
Have a unique password for LinkedIn, as with pretty much every "important" website I use that encompasses my "online presence".
I'll change it slightly for now and hold fire until they sort themselves out. No one company can be trusted at all, which is why I keep my passwords totally unique... It's terrible that companies can't keep a check on security, and I don't mean losing the passwords in the first place, I mean actually making sure they're safely guarded even in the wrong hands... It's not a difficult idea, but as with any large companies they tend to be somewhat ignorant. Saying that, most users don't take password security seriously either *sigh*...
07-06-2012, 15:03 | #9 |
Screaming Orgasm
Join Date: Jul 2006
Location: Newbury
Posts: 15,194
So even if they don't think your password has been compromised, you should change it anyway, since the hack affects 6.5m passwords, not 6.5m accounts as the media have reported.
Due to their lack of salts, multiple accounts with the same password have the same hash, and thus you can't guarantee that your account hasn't been compromised because you don't know if someone else happens to have chosen the same password as you (however unlikely you may think that is). Thankfully, I don't have a LinkedIn account. Dreading when one of my accounts does get compromised though because I only have a small number of passwords across all sites. I've been researching password managers for my phone because I think that's the way I'm going to have to go.
Last edited by Mark; 07-06-2012 at 15:07.
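The point made in posts #5 and #9 (without a per-user salt, everyone who picked the same password ends up with the same stored hash, so one cracked hash exposes every account sharing it) is easy to see with a small script. This is an added example, not code from the thread or from LinkedIn; the user names and passwords are constructed sample data.

```python
from __future__ import annotations

import hashlib
import os


def sha1_unsalted(password: str) -> str:
    """Plain SHA-1 of the password: the unsalted scheme the thread describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def sha1_salted(password: str, salt: bytes) -> str:
    """Same digest, but a per-user random salt is mixed in before hashing."""
    return hashlib.sha1(salt + password.encode("utf-8")).hexdigest()


def new_salt() -> bytes:
    """16 random bytes, generated fresh for each user at registration."""
    return os.urandom(16)


def shared_hashes(user_hashes: dict[str, str]) -> dict[str, list[str]]:
    """Group users whose stored hash is identical.

    Anything this returns is what a leak of the hash table reveals: these
    users share a password, so cracking one hash compromises all of them.
    """
    groups: dict[str, list[str]] = {}
    for user, digest in user_hashes.items():
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


# Constructed sample accounts; alice and carol happen to choose the same password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "Tr0ub4dor&3", "carol": "correct horse"}


def demo_unsalted() -> dict[str, list[str]]:
    """Unsalted table: alice and carol are linked by an identical hash."""
    return shared_hashes({u: sha1_unsalted(p) for u, p in SAMPLE_USERS.items()})


def demo_salted() -> dict[str, list[str]]:
    """Salted table: every stored hash is distinct, so nothing is linked."""
    return shared_hashes({u: sha1_salted(p, new_salt()) for u, p in SAMPLE_USERS.items()})


if __name__ == "__main__":
    print("unsalted collisions:", demo_unsalted())
    print("salted collisions:  ", demo_salted())
```

Salting only removes the shared-hash linkage shown here; SHA-1 is still a fast digest, so a real deployment would use a deliberately slow password hash (bcrypt, scrypt or PBKDF2) rather than salted SHA-1.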
07-06-2012, 15:23 | #10 |
Goes up to 11!
Join Date: Jul 2006
Posts: 4,577
True, I only used the password for there as I never fully trusted LinkedIn, bit like Facebook.