Yes, LinkedIn was hacked.
Over the past couple of days, you may have received a notification message from LinkedIn. And you may be wondering if it's legit.
If it's the message below, then it is real — and you received this message because data was compromised that included your account information, including your password. You weren't alone, though, as this hack affected 117 million email addresses. And it actually happened a few years ago, but the company is just addressing it now.
Here's the message, and read on to find out what you need to do next.
Tell me what this means in plain English?
This attack wasn't recent.
Back in 2012, LinkedIn was hacked, when data including your email and password was stolen. Nothing happened with that data until now, when the information was released online. So now, LinkedIn is reminding members to take action (reset your passwords) and they're letting everyone know that they're on the ball and taking data security seriously.
If you joined LinkedIn after 2012, then this likely doesn't impact you — and you probably didn't receive the message in the first place.
What should I do?
You can find out if your email address was associated with this and other attacks by checking at the site, Have I Been Pwned? This isn't a typo. "Pwned" is a slang term for being "owned" or dominated by someone else; a hacker in this case.
The most important thing to do is to change your LinkedIn password. Even if you changed your password since 2012, this is a good reminder to update it anyway.
Follow these best practices for creating secure passwords:
- Use at least 12 characters
- Don't duplicate other passwords you use online
- Use a combination of numbers, letters, capital and lower-case letters
- When using symbols, don't substitute those for letters that are too obvious. ie. Password and P@ssw0rd are so similar. But stay away from "password" altogether, which is still the second most common password.
- Don't use common words found in the dictionary. Those can be hacked almost instantly.
- Don't use your name, company name or login name.
What's the final verdict here?
This is a great lesson in social media data security. We spend a lot of our work and personal time online, and passwords are valuable pieces of data that we should take seriously.
LinkedIn did a good job of notifying their members now about this breach (albeit a little late), and what they can do to keep themselves protected. Kudos to the new leaders of the social media giant for taking these steps.
Take this as a reminder to update your passwords regularly, even every 3 months, on all your online and social accounts. Yes, this is a bit of a pain, but it beats having your information stolen. And you can always use password managers like Keychain Access on your Mac or software like Dashlane available online.
And if you want to go the old-school way and remember your passwords, Microsoft has these great tips using acronyms to create and remember those complicated, but strong, passwords.
For more on data security, see IT Security Pros: Protect Your Corporation.