On Tuesday, June 6th, LinkedIn confirmed that a Russian website had
posted what appears to be the passwords for 6.5 million LinkedIn
accounts. While LinkedIn has not been able to identify the source of the
compromise, they have confirmed that at least some of the passwords do
match their accounts.
As many faculty, staff, and students have LinkedIn accounts, it is
important that they review the following steps, which
should be taken to protect their credentials:
– Users should change their LinkedIn password to a unique, temporary
password. A temporary password is recommended because the source of the
compromise has not been discovered, so even new passwords may be at
risk. Once LinkedIn has identified the source and closed the
vulnerability, users should change their passwords again.
– If a user used their LinkedIn password, or a similar password, as any
of their Michigan Tech passwords, they should change those passwords immediately
to a new, unique password. Your ISO password used for most services,
including email, can be changed by visiting https://www.login.mtu.edu
and clicking on the “Change Your MTU ISO Password” link in the
upper-left hand corner. For information on changing other Michigan
Tech passwords, please contact firstname.lastname@example.org.
– Any other accounts that the user has that had the same password or
similar password to their LinkedIn password should also be changed to
a new, unique password. This is especially important where financial
services are concerned.
Users should be using unique passwords for each account that they have
as many credentials are compromised due to the reuse of passwords on
vulnerable services. There are many programs or services available to
help people keep track of their passwords for various sites. The
website https://lastpass.com has a very robust, free service that integrates
with most browsers. For users who are interested in a non-web based
solution, the programs “Password Safe” for Windows and “Password
Gorilla” for Windows, Mac OS, and Linux, have been recommended by
the security community.
LinkedIn will be sending a few emails to users whose accounts have
been verified as having been compromised. More information on the
steps that they are asking their compromised users to take can be