A 2012 LinkedIn hack was much bigger than previously expected, with well over 100 million people potentially at risk, the professional networking site announced earlier this week.
If you’ve been a member of the site for that long, it’s possible that your personal details and password were leaked online by hackers. Assuming your email address has remained constant all this time, you may have gotten a message like this earlier in the week:
Discomfiting? You bet. While the passwords were encrypted — an additional layer of security that essentially masks the characters — hackers have “cracked” most of them, Motherboard’s Lorenzo Franceschi-Bicchierai reported on Wednesday. In other words, it’s quite possible that your email and password are in the wrong hands right now.
That’s a big problem if you use the same password across websites. Think of it this way: If a hacker sees from the LinkedIn hack which email provider your address belongs to, he or she might try logging into your inbox with the same password from the LinkedIn breach. If it works, all of your messages are now exposed, which could reveal banking information or allow access to other sites.
To keep yourself safe, you’ll want to immediately change any of your passwords that match the one you used on LinkedIn. Start with your email. The best practice is to use a unique password on every service — to avoid this exact situation should hacks occur.
You should also enable two-factor authentication on any sites that allow it. (LinkedIn does, for example.) Generally, this unfortunately named security feature will send a text message to your phone with a special passcode whenever someone (including yourself) tries to log into a service from an unrecognized device. A hacker might get your password, but they probably won’t have your phone as well, which means they’ll stay locked out.