LinkedIn Hacked - as many as 6.5 million passwords may have been stolen


screature
Jun 8th, 2012, 12:36 PM
Just received this IT Bulletin at work:

IT Security Bulletin

This bulletin provides users with security awareness pertaining to the hacking of the LinkedIn business networking site.
When: June 6, 2012

Threat:
LinkedIn, the business networking site, confirmed it was hacked. Independent sources claim that as many as 6.5 million passwords may have been stolen.

Action:
The HoC IT Security team advises all HoC LinkedIn users to change their passwords immediately and to choose a unique, complex passphrase for all other websites requiring authentication.

The following tips may be of use to LinkedIn users:

• Beware of any phishing emails that claim to be from LinkedIn.
• Log into the LinkedIn website via a new browser window (do not access it through an email) and change your password.
• Review the list of LinkedIn connections in your network to ensure there are none that do not look familiar.
• Check that your privacy settings are set appropriately.
• Change the passwords to all other accounts that require authentication, such as social networks, email and financial accounts, especially if you use the same password.



So to all you LinkedIn users here I would recommend taking the measures outlined above.

CanadaRAM
Jun 8th, 2012, 01:08 PM
Further information:
Everyone should change their password ASAP of course, no matter how small the risk.
The majority of passwords exposed were hashed, not clear text. LinkedIn has already disabled the passwords and contacted those members whose passwords were unencoded.

dona83
Jun 8th, 2012, 01:32 PM
This is going to be a pain...

Dr.G.
Jun 8th, 2012, 01:43 PM
This is going to be a pain...

Amen, Brother. While I don't use Facebook at all, I do use LinkedIn for professional contacts. :(:mad:

krs
Jun 8th, 2012, 07:31 PM
I always thought passwords were automatically encrypted, especially on professional and commercial sites.

CanadaRAM
Jun 8th, 2012, 08:14 PM
I always thought passwords were automatically encrypted, especially on professional and commercial sites.

They apparently were, and a small percentage of these were cracked after the fact by the hackers. So the tale goes.

mrjimmy
Jun 8th, 2012, 09:45 PM
LinkedIn never seemed like a good idea to me. Major identity theft waiting in the wings. Glad I never went for it.

tilt
Jun 8th, 2012, 10:14 PM
Apparently mine was one of the ones that was compromised. I use LinkedIn for professional purposes.

Cheers

MazterCBlazter
Jun 8th, 2012, 10:40 PM
.

Dr.G.
Jun 9th, 2012, 04:20 AM
Apparently mine was one of the ones that was compromised. I use LinkedIn for professional purposes.

Cheers

As do I. :(:mad:

We shall see.

kelman
Jun 9th, 2012, 07:49 AM
I recently joined and use it for professional reasons as well, I never heard from them yet so mine may not have been one of them.

SINC
Jun 9th, 2012, 08:15 AM
I have not heard from them either and I have been a member for two years. In spite of that, I did change my password.

kelman
Jun 9th, 2012, 08:26 AM
I did change it as well, shortly after hearing the news.

fjnmusic
Jun 9th, 2012, 08:52 AM
Had a bad feeling about it. I never tried it. May have been right.

That's what Han Solo used to say.

macintosh doctor
Jun 9th, 2012, 01:58 PM
This is why with Facebook and LinkedIn I never put my personal info or use my real passwords, instead cheapo ones I can afford to replace all the time.
Way too many people put their birth dates and addresses, phone numbers. You might as well put your card number and SIN number there for everyone to use.

vancouverdave
Jun 9th, 2012, 05:34 PM
LinkedIn has my professional resume, which may as well be a matter of public record. LinkedIn has served me well, as a professional, reaching out to members of other organizations.

Even with the hash of my password compromised, I doubt it was cracked. It was a random set of obscure characters.

Even so, I changed it to another obscure set of characters.

Funny thing is my ehMac password is one of my least secure.

vancouverdave
Jun 9th, 2012, 05:35 PM
My Facebook is full of misinformation. I admit I don't trust Facebook at all.

krs
Jun 9th, 2012, 06:01 PM
Funny thing is my ehMac password is one of my least secure.

Makes sense - what is a hacker going to do if he manages to break into your ehMac account?

Post some SPAM?

They can't clean out your bank account or run up large credit card bills.

Worst thing that can happen via ehMac is that they try to sell a non-existent Mac under your name, but that would become obvious real quick.

I pick the strength of my passwords based on the security I need for a particular site as well.

bryanc
Jun 9th, 2012, 06:07 PM
I'm afraid I still don't 'get' social media. I can't imagine how using Facebook or LinkedIn could allow me to accomplish anything I can't currently accomplish with email and a webpage.

The downsides of having all your personal information and all your on-line activity being tracked, recorded and controlled (i.e. sold) by a for-profit corporation seem to far outweigh any possible advantage there could be from using one of these sites, so I've never joined.

I never even considered the possibility of the sites themselves getting hacked and having your information getting into nefarious hands that way, but it's now one more obvious reason not to participate.

vancouverdave
Jun 9th, 2012, 07:14 PM
There are a lot of people I like and respect on Facebook, so I track it occasionally for that.

Also, as a volunteer for a local community centre, I post updates on a Facebook page - it is a valid channel for reaching many of our members.

LinkedIn has reached critical mass, where most professionals can be reached more easily than trying to track down a recent phone number or email address. It is also great for seeking introductions ("I see you know so-and-so, may I use your name when I call them?")

-d

jimbotelecom
Jun 9th, 2012, 07:28 PM
And just to instil further confidence in this corporate social site:
LinkedIn's Leaky Mobile App Has Access to Your Meeting Notes - NYTimes.com (http://bits.blogs.nytimes.com/2012/06/05/linkedins-leaky-mobile-app-has-access-to-your-meeting-notes/?ref=technology&pagewanted=all)

krs
Jun 9th, 2012, 09:11 PM
Bottom line really is that nothing one posts on the net or info sent via a cell phone stays confidential forever regardless of how secure the servers are.

In this case LinkedIn actually collected the information, but I occasionally end up in private forums where membership is restricted via passwords just doing regular Google searches.
Not sure how that happens, seems that Google just picks up posts and threads directly within those groups; once one is in, one can browse around the site with no restrictions.

macintosh doctor
Jun 10th, 2012, 09:33 AM
Link to check if your password was hacked
https://lastpass.com/linkedin/
Mine was LOL
Glad it was not a real password I use on other sites
I have changed it

SINC
Jun 10th, 2012, 10:54 AM
Interesting. Mine was not hacked, but I did change it.

fjnmusic
Jun 10th, 2012, 04:53 PM
I checked on LastPass and it said mine had been compromised, but that they do not record the passwords inputted. I also tried several common keystroke combinations, like QWERTY, and some, according to the site, had been hacked while others had not. How do I know that LastPass isn't just phishing for passwords itself?

vancouverdave
Jun 10th, 2012, 05:34 PM
How do I know that LastPass isn't just phishing for passwords itself?

They advise you to change your password first. Hopefully you are not entering an active password.

Having said that, I am a LastPass customer, so I must have faith in their claims of client-side encryption of my passwords.
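
The concern raised above, that an online checker sees whatever is typed into it, goes away if the hashing and lookup are done locally. The following is an added example, not part of the thread and not LastPass's code. It assumes the leaked list holds unsalted SHA-1 hex digests, some with the first five hex characters zeroed, as was publicly reported for this leak (the thread does not state the format); the passwords and dump lines are constructed.

```python
import hashlib

MASK = "00000"  # publicly reported marker: first five hex digits zeroed

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, as lowercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def load_hashes(lines):
    """Normalise dump lines to lowercase 40-char hex digests; skip junk."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and all(c in "0123456789abcdef" for c in h):
            hashes.add(h)
    return hashes

def check_password(password: str, leaked: set) -> str:
    """Return 'exact', 'masked' or 'absent'. Nothing leaves this machine."""
    digest = sha1_hex(password)
    if digest in leaked:
        return "exact"
    # A masked entry keeps only the last 35 hex digits of the real hash.
    if MASK + digest[len(MASK):] in leaked:
        return "masked"
    return "absent"

# Constructed sample dump (not real leak data): one full digest in upper
# case, one masked digest, one malformed line.
SAMPLE_DUMP = [
    sha1_hex("constructed-pass-1").upper() + "\n",
    MASK + sha1_hex("constructed-pass-2")[5:] + "\r\n",
    "not-a-hash\n",
]
LEAKED = load_hashes(SAMPLE_DUMP)

if __name__ == "__main__":
    for candidate in ("constructed-pass-1", "constructed-pass-2", "unrelated"):
        print(candidate, "->", check_password(candidate, LEAKED))
```

Either "exact" or "masked" means the password should be treated as exposed everywhere it was reused; "absent" only means it is not in the list being checked.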