Ch@ngeY0urP@sTw0rd! - When One Password Across Sites Goes Wrong
Chances are, you, like most people, use the same password across different platforms and websites; even Mark Zuckerberg may be doing it
. Everything from your banking website and email, to LinkedIn, Facebook, Twitter, and countless other sites are likely accessed with the same email/password combination. Even if you have a strong password, you now need to change the passwords for all those sites. Your strong password may have been compromised!
In 2012, when LinkedIn was hacked, only around 6.5 million encrypted passwords were posted online, and LinkedIn never clarified how many users were affected by that breach. Now, a hacker is trying to sell
that account information, including emails and passwords, of 117 million LinkedIn users
. The vast majority of passwords were quickly cracked in the days following the release of the data. Sources behind the hack allege to have approximately 167 million accounts. Of those, around 117 million have both emails and encrypted passwords.
Anyone concerned that their password may have been compromised can use the site "Have I Been Pwned?
" to verify the same. However, the best thing is for you to change your passwords across sites where you might have used the same LinkedIn password. When you change a password, make sure that the password is a strong password
. A strong password should:
You should also make sure you do not use a password at work that is same or similar to what you use on third-party sites. This will prevent your work password from being compromised if the third-party site is hacked. Companies should also educate and inform employees about best password practices.
Have 10-14 characters, at minimum; the longer the password, the better.
Include numbers, symbols, and uppercase letters.
Not be a dictionary word or combination of dictionary words.
If you have any concerns that any of your accounts may have been hacked, or if your personal information is compromised, it is important to respond quickly.
Ice Miller’s Data Security & Privacy practice
helps educate and train clients on data security best practices to address and mitigate risks. Stephen Reynolds
, a former computer programmer and IT Analyst, is a co-chair of Ice Miller’s Data Security and Privacy Practice. Stephen can be reached at email@example.com or (317) 236-2391. Sid Bose
, a former IT engineer, counsels clients on various data security and privacy issues dealing with online privacy, vendor contracts and agreements, IT audit and compliance, data breaches, disaster recovery, and business continuity planning. Sid can be reached at firstname.lastname@example.org.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.