LinkedIn admitted to the leak today in their blog.
Our security team continues to investigate this morning’s reports of stolen passwords. At this time, we’re still unable to confirm that any security breach has occurred. You can stay informed of our progress by following us on Twitter @LinkedIn and @LinkedInNews.
It’s not known if the leaked passwords were connected to the related emails, but LinkedIn has deactivated the accounts and is sending emails to the users. IMPORTANT POINT: Be VERY careful about any emails you receive from anyone right now claiming to be LinkedIn! When in doubt, go to the LinkedIn homepage to log in.
Now, let’s review best password practices, shall we?
The easiest trick, of course, is to make sure your passwords have the following:
- a capital letter
- a length of eight characters or more
It’s also considered smart policy to NOT use any words in your password. LinkedIn offers some great tips in their blog post about the security breach.
Creating a Strong Password:
- Variety: Don’t use the same password on all the sites you visit.
- Don’t use a word from the dictionary.
- Length: Select strong passwords that can’t easily be guessed with 10 or more characters.
- Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
- Complexity: Randomly add capital letters, punctuation or symbols.
- Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”).
- Never give your password to others or write it down.
Now you’ll have to excuse me as I head off to change my password on LinkedIn.