Change your Linkedin password now

If you use the professional social networking site Linkedin–which I recommend, albeit now with caveats–you need to be aware that someone stole at least part of its passwords database and leaked it onto the Web. You should assume your password is among the stolen passwords and change it.

The passwords are, unfortunately, just straight MD5 or SHA-1 encryption with no salts–somebody missed a basic security certification question–so it’s only a matter of time before someone decrypts all of them. That’s why you need to change your password, and you should do it now.

So…. As long as you change your password now and change it again next quarter, I recommend Linkedin. In my field at least, the pool of local professionals isn’t all that big. Name a company, and someone I know has worked there. Plus, every recruiter worth talking to mines the place for talent on a regular basis, so having a Linkedin account is cheap job insurance.

Hopefully Linkedin will do something about salting its password files very soon. Because if they don’t, they’re likely to lose a bunch of accounts belonging to security professionals like me, and that’s a red-hot field right now. A CISSP with the “looking for opportunities” flag set on a job site gets more phone calls than a high school prom queen.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux