LinkedIn is scrambling after a hacker announced the sale of 117 million LinkedIn users' login details on the dark net. The data was allegedly stolen in a 2012 attack and is now being auctioned off for around £1,500.
This has prompted LinkedIn to send out a wave of emails to users warning them to change their passwords immediately. LinkedIn were aware of the breach in 2012 but say they initially believed the number of compromised accounts was far smaller.
Currently LinkedIn is advising all of its users to change their passwords just to be on the safe side. They are also contacting people they believe have been compromised.
Unfortunately, whenever a company sends out this type of mass email, there are always hackers willing to piggyback for a quick buck. What this means is, along with the legitimate LinkedIn emails, a hacker might send out their own emails posing as LinkedIn to steal people’s login details. To avoid this, remember that a real LinkedIn warning email will tell you to go to LinkedIn and sign in rather than having you click a link in the email.
Before you change your password, check that the domain is correct. The address should start with a green padlock followed by HTTPS. Next, check that the root domain is linkedin.com. If it is something like gb.linkedin-login.com, it is most likely spam.
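The same check written out in Python, as an added example that is not part of the original article. It goes a little beyond the two checks above by also rejecting links that only look as if they contain linkedin.com; the function name `check_link` and all sample links except gb.linkedin-login.com are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_ROOT = "linkedin.com"  # root domain named in the article


def check_link(url, trusted=TRUSTED_ROOT):
    """Return (ok, reason) for a link that claims to lead to LinkedIn."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and by urllib, so refuse them instead of guessing.
    if any(c == "\\" or ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False, "unexpected character in URL"
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, port and user@ prefix removed
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if "@" in parts.netloc:
        return False, "text before '@' hides the real host"
    if not host:
        return False, "no host name"
    host = host.rstrip(".")  # "linkedin.com." is the same host
    # Match the root domain on a label boundary: an exact match or a
    # ".linkedin.com" suffix. A plain substring test would accept lookalikes.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is under " + trusted
    return False, "root domain is not " + trusted


# Constructed sample links (only gb.linkedin-login.com comes from the article).
SAMPLES = [
    "https://www.linkedin.com/",
    "https://gb.linkedin-login.com/",
    "https://www.linkedin.com.account-check.example/",
    "http://www.linkedin.com/",
    "https://www.linkedin.com@account-check.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK    " if ok else "REJECT", link, "-", reason)
```

Only the first sample passes; the others fail on the root domain, the missing HTTPS, or the text placed before the `@` sign.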
To change your password, go to LinkedIn, and sign in (or sign out and back in if you are already logged in). When you try to sign in you will see this warning as displayed on the right.
Your attempt to sign in will trigger LinkedIn to send you an email that will contain a link for you to click to reset your password. Follow the instructions and change your password. Once your password has been changed, you should be safe from this particular hack, but there are other things you can do to keep yourself safe in future.
The first step is setting up second step verification. You can do this in the security settings on LinkedIn. Second step verification means that your password is further protected by your phone. Anyone trying to sign into your LinkedIn from a computer that has not signed in as you before will be stopped. Before they can finish logging in, they will need a code that is texted to your phone. That means to log in as you, someone will need your password, user name and phone.
If you are worried about security, another good practice is regularly changing your passwords for all accounts. In the wake of recent cyber breaches at TalkTalk and Mumsnet, this is one of the best ways to protect yourself online.