Phishers are coming out of the woodwork trying to bait panicked or otherwise unsuspecting LinkedIn users into supposedly 'confirming' their account, but what they're really doing is hijacking login credentials. They're also compounding the situation, whereby LinkedIn has now confirmed it suffered a data breach in which encrypted user passwords were compromised. Here's what you should do.
First and foremost, log into LinkedIn by typing the site's address directly into your browser and change your password. Don't click on any links in emails, even if they appear to be legit, which some of them do . It's unclear whether or not LinkedIn has begun notifying its members of the data breach via email, but according to security firm ESET, plenty of legitimate looking phishing emails are making the rounds.
The next thing you should do is change your password on any other site that uses the same login credentials. You should be using different passwords for different sites anyway, but if not, now's a great time to get into the habit of separating your online accounts.
According to reports, around 6.5 million LinkedIn passwords fell into malicious hands, so there's a good chance yours is one of them. If you want to know for sure, LastPass has an online tool that will compare the SHA-1 hash of your password with those that have been compromised. But is it safe to fork over your LinkedIn password to LastPass?
"The above tool asks you to enter your LinkedIn password, and then computes its SHA-1 hash and sends the result to LastPass.com to search the list of 6.5 million leaked password hashes. A hash is a mathematical function that is simple to perform in one direction, but very difficult to reverse. Meaning, the tool will convert your password into a series of characters in such a way that it will be very difficult to re-construct your original password," LastPass explains.
LastPass says that only the hash of your password is sent to LastPass.com's servers, not your actual password. And according to Mashable , LastPass doesn't store your hash on its servers. Still, if you're feeling uneasy, go ahead and change your LinkedIn password regardless.