Use LinkedIn? Time to Change Your Password

UPDATE: Want to know if your LinkedIn account password was one of the 6.5 million that were leaked? You can now test your password with our tool to find out! Either way, we still recommend updating your account password.
Reports are now circulating that LinkedIn user accounts may have been compromised, after nearly 6.5 million hashed passwords were reportedly uploaded to a Russian hacker forum.
The popular business networking site has responded that they are looking into these reports, but we highly recommend updating the password for your LinkedIn account.
You can use LastPass to log in to your LinkedIn account, go to your account settings page, and update the password to a new, randomly generated one using the LastPass password generator, located in the Tools menu of the LastPass icon. LastPass helps automate the process by filling in your old password and confirming the update to your stored LinkedIn account when you’ve saved the new password.
LinkedIn has more than 150 million users worldwide, and the breach seems to have affected about 10% of the user base. Although usernames do not appear to have been posted alongside the hashed passwords, Finnish security firm CERT-FI warned that hackers may have access to user email addresses in an encrypted form.
The LinkedIn passwords are said to be stored as SHA-1 hashes, a very secure algorithm, but the fact that they did not “salt” the hashes puts user data at significantly higher risk of being compromised. Reports indicate that weaker passwords – some 300,000 of them – may have already been cracked, and the hackers seemed to be reaching out to others in an attempt to crack more [the forum thread referenced appears to be inaccessible at the time of writing this post]. A number of LinkedIn users have already confirmed that their passwords were stolen in the breach.
If user passwords consist of dictionary words or are on the list of ‘bad’ passwords, then they have likely already been cracked. We still highly recommend updating your account password even if yours is much stronger. If you’re new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.


  • Anonymous says:

    The article up at Ars Technica speculates that passwords from a dating site (possibly eHarmony) were leaked as well.

  • Mufa says:

    Thanks and also, please add pronounceable passwords to Firefox.

  • Anonymous says:

    Interesting that I have to use “Copy Password” to change my password since LastPass can’t detect that I need to fill the form for “Old Password”…

    • Anonymous says:

      This is actually not interesting at all. More whiny than anything. Sorry you had to use the copy button like the rest of us.

    • Anonymous says:

      Actually, it is interesting – since you’d think LastPass could figure out LinkedIn’s password form… especially since they are posting articles on the LinkedIn issue. Sorry that you (and several others on here) have such rude, intolerant responses – and feel the need to express them. Have a nice day! :) <3

  • thetrickster says:

    Thank goodness I was already using LastPass to create complex passwords so, thankfully my LinkedIn password was a unique password not used on other sites and I can easily change it. Thanks for the heads up.

  • Anonymous says:

    Thanks for the Facebook post about this. Quick, easy change with LastPass.

    Thanks again!

  • When are you guys going to add password aging? So that LastPass can tell me even when I’m not monitoring security reports, hey you haven’t updated your ‘linkedin’ password in 2 years, go update it. Given aging passwords too often has been shown not to help (more so because then you can’t remember them) but I think never updating is bad too.

    • This is a great suggestion, I would like to see this feature as well.

    • Anonymous says:

      Great idea!

    • Anonymous says:

      Asked the same question, exactly 6 months ago.
      The answer was “Currently no, but thanks for the good suggestion!”

    • Anonymous says:

      Password aging is *not* a good idea, as any decent cryptologist will tell you. It’s safer to use a longer, more secure password once than using dozens of insecure, structured passwords frequently.

    • Stephy says:

      When required in work situations for the average person, I agree that password aging only makes passwords weaker. People either cycle through things that could be broken in dictionary attacks or are forced to use a more complicated password, won’t end up memorizing it because of its short lifespan, and write it on a Post-It right by the keyboard…

      Those of us with LastPass accounts, though, are (hopefully!) using more secure passwords; I see little harm in updating complex generated passwords every now and then.

    • Anonymous says:

      Yea, devs, you really should add that feature. You have a last used time on the vault, get off your ass and write 3 lines of code.

      And password aging IS a good idea. If you’re using “dozens of insecure, structured passwords” you’re doomed to fail anyway you idiot. Even if you use common (bad) passwords — say “password” — you might change it every month and make the next one “password1” then “password2” so on and so forth. If you use strong passwords, having ones that change every so often creates an even stronger policy. If one does on the odd chance get compromised, it will be for a maximum of however long your aging tolerance specifies.

      Strong passwords, updated more frequently FTW.

    • Anonymous says:

      Thanks for nasty response. Did you really have to call her an idiot? The fact is — especially in corporate settings where security policies require frequent password changes — that people will choose lame passwords they can remember and just increment through a digit on the end. Many people write them down.

      “if one does on the odd chance get compromised, it will be for a maximum of however long your aging tolerance specifies.” — well, unless of course once the hacker gets it, the hacker changes it, causes damage, and sends your boss nasty emails from your account. Then the compromise has much more enduring effects. PAM

    • Yes, updating passwords frequently does generally cause people not using password managers to choose weak ones. I personally do not intend to update frequently (even though LastPass means it doesn’t matter). My personal intent is to say, 1 year is long enough for any password to not be changed. I just updated a password I know I haven’t updated since ~ high school ~9 years ago. Far too long and it was far too weak. I imagine eventually it’ll be that long after some LastPass passwords. Also some unfortunate websites make me have really sucky passwords to begin with as they have really stupid limitations leaving me to believe they aren’t encrypting them properly (such as may not be > 10 characters). Oh, I even have a site that allows only numeric characters as it’s a PIN *headdesk*.