Updated content follows below.
Time to reevaluate your password strength. It seems like there’s been another password leak, and this time it’s LinkedIn. According to the Norwegian site Dagens IT, hackers posted 6.5 million unsalted password hashes on a Russian site, alleging they all belong to LinkedIn users. So far, reports are that 300,000 of the hashes have been cracked, meaning those passwords are out in the wild, in plain text. More are sure to join them. Best to freshen up that password, just in case.
Earlier today, Google blocked a shady-looking access attempt to my old Gmail account, which, as it turns out, had the same credentials as my LinkedIn account. Mistake on my part, I know. It might be a coincidence, but it lends some credibility to these claims, and Reddit users are also verifying that their own unique hashes are appearing on the list. It’s never a bad idea to change your password just in case, and this time, it seems like there might be a real threat. If you use unique passwords, you should be in the clear, but if you don’t use unique passwords, get in there now and start. This time it’s LinkedIn, next time it could be Facebook. Who knows. Always better safe than sorry.
Update: eHarmony was hit by the same hacker too, with approximately 1.5 million passwords exposed. eHarmony has confirmed the breach. If you’ve got an account there, you ought to change that password too.
- Here’s an infographic to help you pick a strong one
- Remember when those Twitter passwords leaked?
- Oddly enough, older people tend to make better passwords