Information has come to light suggesting that LinkedIn may have been compromised in December 2013, with the resultant loss of around 2,500 passwords. The criminals who infiltrated LinkedIn are only just getting around to using those passwords now, 3 months later, suggesting that this was a speculative or opportunist thief who took a while to find a buyer, rather than a theft targeted to order with an immediate customer or purpose in mind.
2,500 may not sound like a lot compared with the millions of users on LinkedIn, but if it’s your professional profile that’s affected then it’s a big problem for you. Imagine losing most of your professional contacts, or the recommendations (not those worthless endorsements) that people have written for you. Unhelpfully, LinkedIn are not selectively restoring information that has been deleted from those affected.
Perhaps worse, imagine being locked out of your LinkedIn account, unable to get back in, with somebody else masquerading as you… perhaps abusing your timeline, creating content you’d rather not see on it, stealing email addresses for your contacts… while your professional contacts think it’s you, and you can only look on, powerless.
It’s not yet clear precisely where the vulnerability in LinkedIn was. Maybe it was connected with their Q&A user forum, or perhaps something to do with new premium account signups. LinkedIn aren’t saying, although they are working to address the problem.
The message is clear enough though: change your passwords regularly. That way if your password is stolen without your knowledge, but not used for a while, it will hopefully be useless to the thieves when they come to try it.
And if you ever see an email suggesting that something odd is happening in or with your account, on any system, act quickly. Do not click a link in the email, though (it may be a phishing scam or virus). Instead, open up a browser, type in the URL manually, log in, and change your password.
For most people it’ll take less than 15 minutes to change all your passwords on LinkedIn, Facebook, Twitter etc. So why not make that investment of time now, rather than risk seeing your professional presence compromised and then wasting days picking up the pieces?
The same goes for any other systems you access online too, not least your bank (although they’re generally a lot more secure to begin with).
Change your passwords today.