Well, yet another large Cloud service provider has fallen and 6.5 million usernames and passwords have been popped as we say.
If you use the email address and password for your LinkedIn account for other websites... you may be in for some compromised accounts in the near future... Change all web logins you have that are the same email and password as LinkedIn immediately !!!
Graham Cluley from Naked Security gave a nice summary of how to change your LinkedIn password:
Naked Security Blog on Changing LinkedIn password
Why is this a problem ?
Most users of Internet Cloud Services reuse the same password for multiple websites, if not most or all websites. In late 2010 Gawker was popped and their user credential database taken. Providers like Facebook, Twitter, Hotmail, Yahoo, Google, LinkedIn and others locked/reset their users accounts that were found in the Gawker breached data. Because they know like we do in InfoSec that people reuse passwords across the InterWebbings and these providers did not want a massive user accounts compromise to deal with, so the accounts were locked and/or passwords reset.
Time will tell if the LinkedIn breach results in the same account lockout across the net, it should as those of us with LinkedIn accounts, CLEARLY use all the InterWebbings has to offer.
Want to protect yourself from this type of breach? Use a password manager solution like LastPass. Let LastPass remember your logins and use the Password Generator LastPass offers to create ridiculously good passwords. You now need only remember your master password to gain access to your vault and thus all your logins... and don't forget to add Google Authenticator or YubiKey for 2 factor authentication to further protect your vault from nefarious ne'er-do-wellers. Both solutions are FREE !
LastPass website
More on the LinkedIn breach HERE
More details about the LinkedIn hashes
#InfoSec #LinkedIn #Breach
