The social networking site LinkedIn has confirmed that more than 6 million passwords were stolen yesterday. The user accounts associated with each password were NOT compromised; however, someone could use the password list in a “dictionary attack” against LinkedIn accounts.
LinkedIn has proactively disabled the accounts with compromised passwords. If you are unable to log in to your LinkedIn account, this is the likely reason. LinkedIn is sending email notices to all compromised accounts with instructions on how to update the passwords and re-activate the accounts. It is important to note that this notification email will not contain any links to account management. If you receive an email with a hyperlink to update your LinkedIn password, discard it as a likely phishing attack.
501cTECH recommends that our clients follow best practices when it comes to social media / cloud account security:
• Make your passwords complex and long: difficult to guess, but easy to remember
• Don’t use the same username / password combination on multiple sites
• Change your passwords on a regular basis (and when breaches like this occur)
More on the LinkedIn blog: http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/