If you have an account on the professional networking site LinkedIn, you might want to change your password now.
That’s especially true if you have not changed the password since 2012, or if you use it on other websites.
LinkedIn announced this week that it has learned that a 2012 data breach appears to have compromised more user information than previously thought:
… we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012.
CBS News reports that, at the time of the 2012 breach, it was believed to affect only the passwords of some users.
Additionally, the Vice tech blog Motherboard reports that only about 6.5 million encrypted passwords were posted online at the time.
But now a hacker is trying to sell data associated with 167 million LinkedIn members, including both the emails and encrypted passwords of about 117 million of those members.
LinkedIn says some people will be required to change their password, and that others should do so as well:
We have begun to invalidate passwords for all accounts created prior to the 2012 breach that haven’t updated their password since that breach. We will be letting individual members know if they need to reset their password. However, regularly changing your password is always a good idea and you don’t have to wait for the notification.
Even if you don’t use LinkedIn, take this news as a reminder to do some digital spring cleaning, including changing and strengthening passwords for everything from social media accounts to banking websites.
The Associated Press reported earlier this month that you should change passwords every few months regardless of how strong they are.
Other password best practices cited by the AP include:
- Do not reuse old passwords. “The longer a password sits around, the more likely it is to fall into the wrong hands,” the AP reports.
- Do not use the same password for multiple sites. Using the same password means that if your password for one site falls into the wrong hands, the person will not also be able to use it to access other sites you use.
- Enable multi-step verification, also known as multi-factor identification, which asks users to provide a second form of identification — like a code texted to their phone — as additional protection.
Two learn more about two-step verification, including which sites offer it, check out “A Free and Easy Way to Shop the Web More Securely.” For more information on keeping your passwords safe, check out “5 Password Managers to Keep All Your Secrets Safe.”
What steps do you take to safeguard passwords? Share your thoughts in our Forums. It’s the place where you can speak your mind, explore topics in-depth, and post questions and get answers.