Wednesday, June 06, 2012

LinkedIn and passwords

If you haven't changed your LinkedIn password within the past 24 hours, please stop reading this and read the LinkedIn blog post that describes, among other things, how to change your LinkedIn password now. If you've used the same email/password combination on any other sites, change those passwords as well. Come back here when you're done.

While the details are still trickling out, it appears that many, if not most, LinkedIn passwords got into the wrong hands. Some 6.5 million encrypted passwords were posted online (now no longer generally available). Ars Technica has a good rundown on what happened. These were the passwords that the hacker(s) couldn't figure out. We can assume that the bad guy(s) figured out the other passwords. Those passwords could be figured out because they are guessable: passwords such as 123456, 1234567, 12345678, and the like.

It took a little while for LinkedIn to confirm that the breach had indeed taken place, but it did finally confirm the trouble.

As far as we can tell, only the password database was compromised, without the associated email addresses. This makes it less likely that bad guys were able to access any LinkedIn account, a small bit of comfort.

This was not a good day for LinkedIn. There was another problem with the way that LI handled calendar information on iOS. I'm still a big fan of LinkedIn for all that it can do. I use it many times a day to find important resources that I use on my current projects. At this point, there's nothing comparable.

The way that they handle these crises will go a long way to show how serious they are about protecting customer data. I hope that they get it right. If they don't, they'll lose and we'll lose, too.
