Use LinkedIn? Time to Change Your Password

UPDATE: Want to know if your LinkedIn account password was one of 6.5 million that were leaked? You can now test your password on our tool to find out! Either way, we still recommend updating your account password.
Reports are now circulating that LinkedIn user accounts may have been compromised, after nearly 6.5 million hashed passwords were reportedly uploaded to a Russian hacker forum.
The popular business networking site has responded that they are looking into these reports, but we highly recommend updating the password for your LinkedIn account.
You can use LastPass to log in to your LinkedIn account, go to your account settings page, and update the password to a new, randomly generated one using the LastPass password generator, located in the Tools menu in the LastPass Icon. LastPass helps automate the process by filling in your old password and confirming the update to your stored LinkedIn account when you’ve saved the new password.
With more than 150 million users worldwide, the breach seems to have affected about 10% of the user base. Although usernames do not appear to have been posted alongside the hashed passwords, Finnish security firm CERT-FI warned that hackers may have access to user email addresses in an encrypted form.
The LinkedIn passwords are said to be stored as SHA-1 hashes, a very secure algorithm, but the fact that they did not “salt” the hashes puts user data at significantly higher risk of being compromised. Reports indicate that weaker passwords – some 300,000 of them – may have already been cracked, and the hackers seemed to be reaching out to others in an attempt to crack more [the forum thread referenced appears to be inaccessible at the time of writing this post]. A number of LinkedIn users have already confirmed that their passwords were stolen in the breach.
If user passwords consist of dictionary words or are on the list of ‘bad’ passwords, then they have likely already been cracked. We still highly recommend updating your account password even if yours is much stronger. If you’re new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.
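To make the point about unsalted hashes concrete, the following is an added example (not LinkedIn's or LastPass's code) that stores the same constructed accounts two ways: as bare SHA-1, the scheme described above, and as a per-user random salt with PBKDF2-HMAC-SHA256. The account names, passwords, iteration count and function names are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password: str) -> str:
    """Storage scheme described in the post: bare SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened form: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(table: dict[str, str]) -> dict[str, list[str]]:
    """Group accounts by stored digest; a group of 2+ reveals a shared password."""
    groups: dict[str, list[str]] = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


# Constructed sample accounts (not real data).
USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "x7!Qp#92vLm"}

unsalted = {u: unsalted_sha1(p) for u, p in USERS.items()}
salted = {u: salted_record(p) for u, p in USERS.items()}

if __name__ == "__main__":
    # Without a salt, equal passwords produce equal digests across accounts.
    print("unsalted:", shared_digests(unsalted))
    # With per-user salts, the same password yields unrelated records.
    print("salted:  ", shared_digests({u: d.hex() for u, (_, d) in salted.items()}))
    print("verify:  ", verify("linkedin2012", *salted["alice"]))
```

With bare SHA-1, one computed digest matches every account that uses that password, so the work of testing a guess is shared across the whole leaked set; the salt forces that work to be repeated per account and the slow KDF makes each repetition expensive.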


  • Randy Abrams says:

    So, in the wake of the Yahoo breach, are you going to have a Yahoo username checker? Actually it isn’t just Yahoo accounts, there were 35,000 domains affected.

  • Angus S-F says:

    The password-checking website has one feature yours doesn’t: it tells you not only if your password was in the leaked set, it also tells you if it has been cracked. That would be a Cool Thing to add.

    Add my +1 vote for password-aging options, set on a per-website basis.

  • Randy Abrams says:

    You really should be more supportive of quality password habits and boldly tell people not to use the password checking tool until after they have changed their LinkedIn password, and then to never again use the same password. It doesn’t matter if LastPass is trustworthy, you should promote password safety.