I read lots of
advice re what do to, and the idea that stood out, for me, was that there was
no point in changing a potentially hacked password if the hack had not been
fixed, as this was tantamount to handing my new password to the hackers. So I waited to hear from LinkedIn.
Meanwhile, I found
a website that invited LinkedIn users to submit their password to see if it was
on the hacked list. (You didn’t have to
enter your account, just your password.)
I tested it with a random number/letter list, and was told this wasn’t
on the list, then entered my real password and was told it was. The advice was to change it immediately, and
any other sites where I use the same password, but I hadn’t heard anything from
LinkedIn, so I did nothing.
Then LinkedIn
announced that they had confirmed the hack and were taking action. Still no direct communication from them. I read elsewhere that if my password was one
of the hacked ones I would get an email from LinkedIn. This morning that email finally arrived.
I’ve changed my
password. And yes, I was using it on
several other sites too, despite knowing it was a relatively insecure password,
so I’ve spent some time this morning changing them all. It’s been a poor showing by LinkedIn, but I
have to acknowledge my own security has been poor too, and it looks like I’ve
been lucky in getting this wake-up call, with (hopefully) no damage done.
I wonder whether
the hackers deliberately targeted and published weaker passwords like
mine? In any case, I suspect we haven’t
heard the last of this.
Posts
.jpg){kind=logo}
No comments:
Post a Comment