6.4M LinkedIn passwords compromised

On the Internet you have very little privacy. One thing that’s private, or should be, are your passwords. Many business managers know this, and go to great lengths to ensure that their passwords are secure. Yet there are times when passwords are leaked, often this isn’t your fault. This recently happened with LinkedIn.

LinkedIn is a popular social media site that caters to professionals and helps them to network and find jobs. In the past few days, news stories have emerged about how members’ passwords were leaked online.

How passwords work
The password you enter to access a website like LinkedIn acts as a handshake to confirm that the user trying to access the account is who they say they are. Remember the last time you signed up for a new account, and had to enter the password you’re going to use? The owner of the website stores that password in a, normally encrypted, file and tells the Web page to reference this file when you log in. If the passwords match, you’re allowed in. If not, you get the password error page.

What happened?
A hacker discovered a way to exploit the calendar feature in the LinkedIn mobile app. Basically, when the calendar in LinkedIn was updated, the information, including your password is encrypted and sent to LinkedIn’s servers, which then update your profile with the information. The hacker developed a way to grab the encrypted password data for around 6.4 million users.

The hacker then published the encrypted passwords online for other people to decrypt. LinkedIn has released an update to the mobile apps to plug this leak, but the passwords are still online.

What does this mean for me?
The chances of your account’s password being among the ones leaked is pretty small. However, if your password was posted, someone with programming and encryption knowledge could decipher it, and gain access to your account. If this happens, this poses a security risk as they will be able to access any and all data you have stored on that account. Beyond that, if you use the password for other accounts, they could gain access to them also.

How do I know if my password was compromised?
LinkedIn knows of the leak and has taken steps to minimize the damage.

  1. When you next try to log in to your LinkedIn account, you’ll get a message telling you the password no longer works.
  2. LinkedIn has emailed users whose passwords have been leaked informing them to change their password. This email has no links in it, so if you get an email supposedly from LinkedIn with links to change your password, DON’T click on the link. There have been reports of such emails (with links) being sent out. These emails are phishing schemes which aim to steal your password.
  3. LinkedIn will send you a follow-up email explaining more about what happened and why you were asked to change your password.

Alternatively, you can go to lastpass.com and test your password.

If you haven’t received an email, your password probably wasn’t leaked. We do suggest that, for security reasons, you change your LinkedIn password as soon as you can. You can do this by:

  1. Going to LinkedIn’s website and logging in.
  2. Hovering your mouse over your name in the top right corner of the window and selecting Settings from the drop down menu.
  3. Clicking on Account located in the pane underneath your profile picture. If you don’t see Account click on the grey shield icon.
  4. Selecting Change password and following the instructions.

If you feel that your accounts are unsecured, or would like to enhance your current security, please contact us. We may have a solution for you.

Did you know about these FB features?

The use of social media by companies to connect with their customers and drive brand awareness is commonplace among companies of all sizes. Using a site like Facebook and its numerous features allows small businesses to tap into a potentially large customer base. What many owners don’t know is that there are some hidden features that they could be using.


Make your inbox work for you

Look at your emails, how many do you have that require your immediate attention? If you answered zero, you should be commended. If you answered too many to count, you’re among the majority. While it would be nice to reach and maintain the near mythical zero, you should first aim to ensure that your inbox is organized so you can leverage it to increase your productivity.


Don’t let business fail due to disaster

Many companies in North America, the UK and Australia tend to adopt an almost invincible point of view, they believe that disaster can never strike their business and are stunned when it does. This is a dangerous viewpoint to take, especially for small businesses who stand to be affected the most from any disaster.


Keys-check, wallet-check, phone...Oh no!

Losing something is always tough, having to spend time looking for it, turning the house and office upside down only to come to the realization that it has indeed been lost. This is even worse when it’s a useful device like your smartphone. Many small business owners keep their whole life on their phones, and if they lose it, it’s a big deal.