
Unscrewing Security

Alec Muffett

About Author

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.

If it turns out that LinkedIn passwords have leaked... here's what you should do


Rumours are circulating on the net that a database of hashes of LinkedIn passwords has been published on a Russian hacker site.

I cannot confirm this but if the article referred to above is correct then there is a risk to LinkedIn users; password cracking software such as Hashcat can be brought to bear on the problem, and passwords that are derived from common words and phrases - or which are just too short - can and will be broken.

I'll write more soon, but in the meantime:

  1. Choose a new password - a short phrase, make it twelve or more characters long; don't worry too much about making it look random but instead make it long-and-memorable and use proper spacing and (perhaps) punctuation.

  2. See this famous cartoon for a technical explanation, but don't reuse the password it suggests.

  3. Change your LinkedIn password to the new password.

  4. IMPORTANT: Finally, think of all the other accounts you have - e-mail, Gmail, Instant Messenger, Skype... which use the same password. Change all of them, too - ideally use different new passwords for each one.

The reason for the final step is that someone can easily cross-correlate your e-mail address from your LinkedIn login to (say) Skype, and use the (assuming this is all true) old LinkedIn password database to break into that.

This would be very unfortunate, but quite easy to achieve.
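A way to find which of your own accounts fall under step 4, as an added example that is not part of the original post: it takes a constructed list standing in for a password-manager export (the `ACCOUNTS` data and the `audit` and `fingerprint` names are assumptions) and sorts accounts by whether they share the breached account's login and password, only its password, or miss the twelve-character minimum from step 1.

```python
import hashlib
import hmac
import secrets

# Constructed sample standing in for a password-manager export:
# (service, login, password). None of these values come from the post.
ACCOUNTS = [
    ("linkedin", "Alice@example.com", "sunshine1"),
    ("skype", "alice@example.com", "sunshine1"),
    ("gmail", "alice@example.com ", "sunshine1"),
    ("forum", "al1ce", "sunshine1"),
    ("im", "alice@example.com", "different9"),
    ("bank", "alice@example.com", "a much longer, memorable phrase"),
]
MIN_LENGTH = 12  # step 1: twelve or more characters


def fingerprint(key, password):
    """Keyed digest, so the audit compares passwords without holding them in the report."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(accounts, breached_service):
    """Sort accounts by how urgently they need a new password after a breach."""
    key = secrets.token_bytes(32)  # fresh per run; fingerprints mean nothing elsewhere
    rows = [(svc, login.strip().lower(), fingerprint(key, pw), len(pw))
            for svc, login, pw in accounts]
    leaked = {(login, fp) for svc, login, fp, _ in rows if svc == breached_service}
    leaked_fps = {fp for _, fp in leaked}
    report = {"change_first": [], "change_next": [], "too_short": []}
    for svc, login, fp, length in rows:
        if (login, fp) in leaked:
            # Same login and same password as the breached account:
            # the cross-correlation the post warns about works directly.
            report["change_first"].append(svc)
        elif fp in leaked_fps:
            # Same password under another login: still exposed once cracked.
            report["change_next"].append(svc)
        if length < MIN_LENGTH:
            report["too_short"].append(svc)
    return {name: sorted(services) for name, services in report.items()}


if __name__ == "__main__":
    for name, services in audit(ACCOUNTS, "linkedin").items():
        print(f"{name}: {', '.join(services) or '-'}")
```
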

We now return you to your natural state of paranoia; updates will be posted here as/when events warrant.

Follow me as @alecmuffett on Twitter and this blog via the RSS feed.

