LinkedIn has urged customers to change their password settings on the professional-focused social network after reports as many as six million LinkedIn passwords have been hacked and dumped online.
According to a blog posted by security firm Sophos, “a file containing 6,458,020 SHA-1 unsalted password hashes has been posted on the internet, and hackers are working together to crack them.”
LinkedIn director Vicente Silveira said in a blog posted this morning that the company “can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.”
The company says it is still investigating the circumstances surrounding the hack.
“We sincerely apologise for the inconvenience this has caused our members. We take the security of our members very seriously.”
LinkedIn members whose passwords are known to have been compromised will not be able to log into their accounts and will be sent an email explaining the steps to reset their password.
However, Sophos has urged all LinkedIn members to change their passwords as a precaution and he says LinkedIn members who use the same password across multiple platforms need to be especially careful.
Graham Cluley, a consultant with Sophos, told AP that further problems could come if the hackers have email addresses connected to the passwords.
“All that’s been released so far is a list of passwords and we don’t know if the people who released that list also have the related email addresses,” he said.
“But we have to assume they do. And with that combination, they can begin to commit crimes.”
The process for changing your password on LinkedIn is relatively simple.
After entering your password, go to the top right of the screen:
Click on the drop down next to your name and choose settings:
On the “Settings” tab, simply go to the “Password Change” link in the top left-hand corner of the main screen (circled below):
Here’s an enlargement of the link you need to click:
Silveira wrote in a blog post that LinkedIn users should change their passwords every few months or a least once a quarter, and provided a set of tips to help users create “strong” passwords:
- Variety – Don’t use the same password on all the sites you visit.
- Don’t use a word from the dictionary.
- Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
- Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
- Complexity – Randomly add capital letters, punctuation or symbols.
- Substitute numbers for letters that look similar (for example, substitute “0? for “o” or “3? for “E”.
- Never give your password to others or write it down.
This article first appeared on SmartCompany.