Sadly, Linkedin confirmed in their official blog that some of the passwords that were compromised correspond to LinkedIn accounts. The number of "some" is actually about 6 million. According to Naked Security, even thought the revealed passwords are encrypted in SHA1 over 60% of them have been cracked, due to the lack of salt being salted in the hash algorithm. LinkedIn mentioned that members that have accounts associated with the compromised passwords will be noticed or contacted by LinkedIn. However, if you want to find out if your password is among those being compromised, LastPass, the most popular online password manager, posted a page that can help you with that.
Go to this link https://lastpass.com/linkedin/, and put your password in, and click on the button Test My Password. The result shows whether the password you put in is one of those victims.
However, even though if yours is lucky enough like mine that wasn’t hacked, LastPass still highly recommend that you follow the recommendations as below and immediately change your Linkedin and related passwords.
1. Change your LinkedIn password
2. Check if you have re-used your LinkedIn password on any other websites and if so, change those as well.
To assure the safety of using this password check, LastPass claims that only the hash of your password will be sent to LastPass.com’s servers, not your actual password. This hash will not be stored or logged at all. Please view source the page if you’re technically inclined. Considering the good reputation LastPass has earned, I would consider it’s safe using this tool as a quick check-up.
It’s time to consider using a good password manager.
WoW good idea of hackers: Let everyone check if their password at their website so all uncracked passwords can be cracked immediately!@ huhu
You’re really suggesting that people type their passwords into a website not associated with the company hacked?? No matter that LastPass may be a reputable company – how do we know that their server hasn’t been hacked and this page put there by people trying to get more linkedin passwords.
My advice would be to change your linked in password whether or not it’s on the list – don’t bother checking (and potentially giving your password to another 3rd party) – just change it anyway.
I’ve already seen pages claiming to be “has your password been stolen” – and the result when you click the submit button is “It has now!” – with all the Phishing scams around it’s generally a bad idea to submit your password anywhere except the domain where it’s setup.
Great point, Tom. I agree. It might not be a smart move putting in your password in great danger this way but I do still consider this LastPass’ checkup page as the quick pain relief pill for people who panic’d.