Next steps for LinkedIn users are a matter of some debate: some security experts advocate an immediate password change, but LogRhythm's Pack suggests that users wait for a response from LinkedIn.
“If users use that same password on different accounts, they should change all those other account passwords immediately,” he said. “Do not change your LinkedIn password until this is resolved by the company. It’s entirely possible that the attack is still active, meaning that any change of password would be detected, as well.”
Wisniewski from Sophos added that this development represents a perfect opportunity for people to re-examine their approach to passwords.
“When it comes to choosing a password, the three most important things are to use long passwords, don’t choose a dictionary word and use a different password for each separate account,” he said. “If you had a long enough password, it would be really hard to brute force off of this list. If you only use that password at LinkedIn, it won't matter because I'm sure LinkedIn is going to require all their users to change their passwords. And don't use dictionary words, even dictionaries from foreign languages. They look at those too.”
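As an added illustration (not code from the article, LogRhythm or Sophos), the following Python checker applies the three rules Wisniewski lists, long, not a dictionary word, unique per account, to a candidate password and estimates how long an offline brute-force search of its character space would take at an assumed one billion guesses per second. The wordlist (including a few foreign-language words), the 12-character minimum and the guess rate are constructed assumptions for the example.

```python
import math
import string

# Constructed sample wordlist standing in for the dictionaries crackers run
# against a leaked hash list; real lists hold millions of entries, including
# foreign-language words, which is why "don't use dictionary words" applies
# across languages.
DICTIONARY = {
    "password", "linkedin", "welcome", "dragon", "monkey", "qwerty",
    "letmein", "passwort", "contraseña", "motdepasse",
}

# Common character substitutions that crackers undo before a dictionary match.
LEET = str.maketrans("4301$!", "aeolsi")

MIN_LENGTH = 12            # assumed policy minimum, not from the article
GUESSES_PER_SECOND = 1e9   # assumed offline cracking rate


def dictionary_word(password: str) -> bool:
    """True if the password is a wordlist entry, possibly with trailing digits
    or l33t substitutions bolted on (e.g. 'Dragon1', 'p4ssw0rd')."""
    candidate = password.lower().rstrip(string.digits).translate(LEET)
    return candidate in DICTIONARY


def charset_size(password: str) -> int:
    """Size of the smallest character class set that covers the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    if any(c.isspace() for c in password):
        size += 1
    return size


def brute_force_years(password: str,
                      guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected years to hit the password by exhaustive search, assuming the
    attacker must try half the keyspace on average."""
    keyspace = charset_size(password) ** len(password)
    seconds = keyspace / 2 / guesses_per_second
    return seconds / (365 * 24 * 3600)


def assess(password: str, reused_elsewhere: bool) -> list:
    """Return the list of rules the password violates (empty means it passes)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if dictionary_word(password):
        findings.append("dictionary word")
    if reused_elsewhere:
        findings.append("reused on other accounts")
    return findings


if __name__ == "__main__":
    for pw, reused in [("Dragon1", False),
                       ("contraseña", True),
                       ("correct horse battery staple", False)]:
        print(f"{pw!r}: {assess(pw, reused) or 'OK'}; "
              f"brute force ~{brute_force_years(pw):.3g} years")
```

The two checks reinforce each other: a long passphrase pushes the exhaustive-search estimate into astronomical territory, but length alone is no help if the string is a dictionary entry, since a wordlist attack never touches the full keyspace.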