No matter what way you look at it, it's been a rough week for online account security. First, LinkedIn revealed that a whopping 6.5 million account passwords were compromised by Russian hackers. Then, social music portal Last.fm put out a warning to its entire userbase that their accounts may, too, have been compromised. Overall, an estimated 30 million people have been affected by the unfortunate events.
First things first
If you have a LinkedIn or Last.fm account and haven't yet changed your login details, the very first thing you need to do is update your password(s). The process is extremely simple for both sites: Simply log in using your existing username and password, navigate to the preferences (or settings) menu, and input your new password. Save the changes, and you're set to go.
Pick a password that you can remember, but not something that is a common word or phrase. Many sites will now require you to use numbers, capital letters, or even odd, non-alphanumeric characters in your password. While it may seem like a nuisance, this practice does help make your account more secure. Here are some tips everyone should use as a starting point for creating a strong password:
- Do pick a complex combination of words with no relation to one another
- Do include numbers, capital letters, and other characters when possible
- Do pick a password you can remember without having to write it down
- Do change your password frequently, or any time you feel your account may be the victim of a breach
- Do not use names, specifically those of family members
- Do not use common phrases or short passwords
- Do not use the same password for multiple sites
- Do not tell anyone your password under any circumstances
- Do not rely solely on password managers to handle your info, they can be breached as well
A word of warning: If you think you're being creative or ultra-sneaky by using a well-known password, but with a few numbers swapped in for letters, you better think again. Modern password-cracking software used by identity thieves can account for alterations such as this, and you're actually better off making your password longer, with a complex phrase you made up on the spot.
Were you a victim?
After you've changed your password — and only after you've changed it — you can check whether or not your account was actually part of the LinkedIn hacker breach. Online security company LastPass has set up a tool that can check whether or not your password was one of the 6.5 million seized by the scammers. Simply type your old password into the box and click "Test my password" to find out if you were one of the ones affected.
If your password wasn't involved in the breach, you can breathe a small sigh of relief, but feel extra secure that you changed your password just to be safe. If it turns out that your login details were leaked, it's time to do some double-checking of your LinkedIn account to be sure nothing has been altered or deleted, and immediately check your email inbox and spam folders for any communications from LinkedIn accounts you've never seen before. If you find your account completely unchanged, your account is most likely in the clear.
Cleaning up your online presence
Okay, so your account was compromised, but nothing appears to be amiss on your LinkedIn profile and your inbox is clean as a whistle. You might assume at this point that your work is done, but unfortunately for millions of users, it's not. Despite being advised against it since the dawn of the internet, many web users still use the same password for multiple sites, and if someone knows your LinkedIn password, they may also know your login information for any other site you use with that same lock and key.
Along with asking users to change their passwords, Last.fm noted in its official statement that the breach was linked to password exposure from "other sites." That may be a particularly kind way of hinting that way too many people used the same password for LinkedIn as they used for their streaming music account on Last.fm. If you're one of these people, you need to change the password on every other account that used the same login info, and do it immediately. That includes email, bank accounts, student loan websites, and heck, even your account on Starbucks.com.
Can it happen again?
Unfortunately, yes. The nature of these breaches is unique in that it wasn't carried out by an ID thief looking to score a handful of credit card numbers: It was done at a much higher level, affecting millions of users. There is literally nothing you could have done differently to prevent an event like this. That responsibility rests with the companies themselves.
What you can do, is be watchful and vigilant of any irregularities in your own accounts that may be a sign that nefarious actions are taking place. Just like everything else in life, having online accounts poses risks, and there's no way to truly escape them, but by taking precautions, you can put yourself in a position where no matter what happens, you'll be able to bounce back in no time.
More from Tecca: