Breach at LinkedIn may have exposed passwords


The popular business-oriented social networking website LinkedIn has had 164 million email addresses and passwords exposed. The data was originally breached in 2012, but did not surface on the internet until recently. Among the exposed data were 3,393 McMaster email addresses.

The IT Security team recommends that you change your LinkedIn password. If you used your McMaster email address to sign up for your LinkedIn profile, we also recommend that you change your MacID password.

It is very convenient to receive emails notifications from LinkedIn, Twitter, Facebook or other social networking sites and services sent directly to your work email account, so that you don’t have to disrupt the flow of your work day in order to keep in touch with your online life.

If you have signed up to external services using your McMaster email account, we have some advice that will help you to protect your information, and to prevent someone outside the organization from using your credentials to gain access to McMaster information systems:

  • Choose a strong and unique password for every account you own. If you do use your McMaster email to sign up for an external service, never use the same password as you use at work.
  • It can become onerous to manage multiple sets of credential, and multiple strong passwords, so IT Security recommends using a password manager such as LastPass, 1Password, or KeePass. Password managers encrypt and store your strong passwords, then recall them for you when you need them. They can even help you to create stronger passwords.
  • Finally, don’t share your passwords with anyone!

While it is not strictly forbidden to use your McMaster email account to sign up for external services, the IT Security team recommends that you avoid doing this whenever possible. There are plenty of free, internet based email services such as Gmail, Yahoo! and Outlook.com, and it is easy to create a personal email account for use with your private on-line life.