
Given they haven't confirmed they've found and closed the leak, is it wise for everyone to be changing their passwords already?



Given many people have confirmed that their uniquely generated password is in the list, is it wise to wait any longer before changing your password?


I guess you need to do both: change your password, but to something throwaway. Then when the hole is closed, change it again.


I'm not sure what you're implying. How have they 'closed the leak'?

If you find your hash in the list, you should change your password. If you don't, you should change your password.

I use LastPass to manage my passwords so I just generated another random 20+ char password and forgot about it.


The point is that LinkedIn haven't even confirmed they know how the passwords were stolen (they haven't even confirmed they were stolen, yet).

In that case, when you change your password and feel all secure again, what's to say the hackers haven't just lifted your new hash as well?


That's a fair point.



