Reports are spreading that 6.46 million LinkedIn passwords have been leaked online. The hacker who has them seems to have released the passwords but not the associated email addresses. That said, you should definitely change your LinkedIn password ASAP, as well as change your password on any other service where you are using that same one.
Why the urgency to change your password?
It turns out that the LinkedIn passwords are encrypted, but poorly. Someone won’t be able to just read your password; but with a little work and a little hacker-sense will be able to figure out what it is.
This isn’t just about LinkedIn. Once someone has your email address and password for LinkedIn, they’ll write programs to automatically test the combination on other major sites out there. So if you use the same password anywhere else around the Net, change it now!
Make sure that your new password is secure. For years you have been encouraged to make your passwords using a combination of letters, numbers and punctuation (like P4ssw0rd$##). As it turns out, those passwords are hard for people to remember and easy for computers to crack.
We recommend that instead, you use a nonsense phrase like “I love steamboat pie” or “unicorn free america radio.” Something that’s easy for you to remember, uses at least a few words, and includes spaces!
To learn more about password security read our term on Brute Force Attack, a common way to break into password-protected accounts.