If you are a LinkedIn user, you should change your password for the popular social networking site immediately. @linkedinnews has posted that they are looking into reports of stolen passwords, and Norwegian IT site Dagens IT has stated that approximately 6.5 million encrypted passwords have been posted to a Russian hacker site.
How big of a deal is this? LinkedIn currently has over 150 million users, so a breach of 6.5 million accounts represents about 4% of their user population, or about 1 in 25 users. So, this is a pretty significant theft. Even though the passwords were encrypted, the encryption used a method that is easy to crack, especially if the password is a word that would be found in the dictionary. It’s also unclear at this time whether or not the 6.5 million records that have been posted represent the full breached data set. There very well could be more that either haven’t been found online or haven’t been posted yet.
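Why dictionary-word passwords fall so quickly under weak storage, shown as an added example that is not part of the original post. It assumes the weak method is a single unsalted pass of a fast hash (SHA-1 here; the post does not name the method) and contrasts it with a per-user salt and PBKDF2. The user names, passwords and word list are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune it to your own hardware

def weak_hash(password):
    # Assumed weak scheme: one pass of a fast hash with no salt.
    return hashlib.sha1(password.encode()).hexdigest()

def strong_hash(password, salt=None):
    # Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_strong(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def dictionary_exposed(weak_table, wordlist):
    # Without a salt, one precomputed table of word hashes matches
    # every stored record at once, so common words are found immediately.
    lookup = {weak_hash(word): word for word in wordlist}
    return {user: lookup[h] for user, h in weak_table.items() if h in lookup}

# Constructed sample data, not taken from any real breach.
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "T7#qv!9zLw2e"}
WORDLIST = ["password", "sunshine", "linkedin"]

WEAK_TABLE = {user: weak_hash(pw) for user, pw in USERS.items()}
STRONG_TABLE = {user: strong_hash(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    # Same password, same unsalted digest: reuse is visible in the dump itself.
    print("weak digests equal:", WEAK_TABLE["alice"] == WEAK_TABLE["bob"])
    print("exposed by word list:", dictionary_exposed(WEAK_TABLE, WORDLIST))
    # Salted digests differ even for identical passwords.
    print("strong digests equal:",
          STRONG_TABLE["alice"][1] == STRONG_TABLE["bob"][1])
```

With a per-user salt, a precomputed table no longer applies and each guess has to be repeated for every record at the full iteration cost.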
The other issue at hand here is that many users reuse passwords across multiple sites. So, once you have your login information stolen for one site, the likelihood is very high that the bad guys now have your login for a number of other places as well, including your webmail, bank, corporate network, or brokerage firm.
My recommendation: If you haven’t already done so while reading this post, change your LinkedIn password now. Also, if you use the same password on other sites, change it there as well. This password is now compromised and cannot be trusted on any site, LinkedIn or otherwise.