LinkedIn Hack FAQ: What You Need To Know

Worried that your LinkedIn account has fallen victim to hackers? Here's what to do next to safeguard your account.

LinkedIn users awoke to a nasty surprise today as word spread that hackers breached LinkedIn's servers and leaked passwords for nearly 6.5 million user accounts. LinkedIn didn't acknowledge the hack until midday Wednesday afternoon, when the company finally confirmed that a certain number of member passwords had indeed been compromised.

Who's Behind the Hack?

A user on a public Russian forum is taking credit for the hack, but no one has been able to verify if he or she is really behind this whole mess.

When Did the Hack Take Place?

We don't know when the hack took place, but according to Ars Technica, the hackers posted the data over the course of three days.

What, Exactly, Was Released?

The user posted approximately 6.5 million hashed passwords to the forum, and according to security software firm Sophos, at least 60 percent of those passwords have already been cracked. Thus far no usernames have been released, which either can mean that the hackers didn't manage to download them or they are keeping the usernames for themselves. Either way, that's a lot of leaked private data.

So Is My Account Compromised?

Yes and no. The passwords were all hashed using SHA-1 and so they won't be readable without the right software. Unfortunately SHA-1 isn't entirely foolproof so it could only be a matter of time before all 6.5 million passwords are cracked and converted into plaintext. Since we don't know whether or not the hackers have usernames as well, it's best to assume the worst and consider your account hacked.

What's the Worst That Can Happen?

For one thing, hackers would have control of your account and contacts. If you use the same username and password combo on other sites, then there is a risk that those accounts are now compromised as well.

What About LinkedIn Pro Users? Do I Need to Worry About My Credit Card Info?

LinkedIn hasn't said anything about whether any financial information associated with LinkedIn pro accounts was compromised, so we don't yet know for certain. In either case, you should always keep a close eye on your financial statements to make sure that nobody is using your accounts without your authorization.

What Can I Do Protect Myself?

In a blog post, LinkedIn says that it will email all the users whose accounts were affected by the hack and give them instructions as to what to do next. The company warns that you should not click on any email links asking you to change your password, as that could be someone attempting to steal your information.

If you used the same password or username on other websites (which you really shouldn't do), it might be a good idea to good ahead and change those for good measure. If you need help in building a better password, check out our comprehensive guide on the matter.

For still more tips, see our overview of what to do if you ever become a victim of a data breach. So change your passwords, don't click on any suspicious links, and stay safe out there, folks.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Armando Rodriguez and Nick Mediati

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place