According to security researchers, it appears that a file containing hashed passwords for about 4% of LinkedIn’s 161 million users has been posted online and hackers are working to crack it, reports Graham Culey at Sophos. “Our team is currently looking into reports of stolen passwords,” says LinkedIn via Twitter.

Security researcher Mikko Hypponen says he’s seen three lists which contain a few hundred thousand cracked passwords, including ‘nathanlinkedin,’ ‘linkedintrouble,’ ‘hondalinkedin,’ and ‘eaglelinkedin.’

I checked mine and found that it was the same password I had used on a couple of other sites and I hadn’t changed it for a couple of years. It’s changed now and it’s a good, strong password. Even if mine was among the hashes and the hackers crack it, it won’t do them any good.

We probably haven’t heard the last of this.

Clicking the link takes victims to a web page that says, “PLEASE WAITING…. 4 SECONDS,” and redirects them to Google. During those four seconds, the victim’s PC is infected with the ZeuS data-theft malware via a drive-by download.

It is thought that the attackers were targeting business users who would likely have financial responsibility in order to gain access to funds in bank accounts. In case you’re not familiar with what Zeus does, here’s info from Wikipedia:

Zeus (also known as Zbot, PRG, Wsnpoem, Gorhax and Kneber) is a Trojan horse that steals banking information by keystroke logging. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.

It is still active in 2010. On July 14, 2010, security firm Trusteer filed a report which says that the credit cards of more than 15 unnamed US banks have been compromised.^[8] A recent outbreak is being called Kneber.

Better be careful and delete any suspicious items if you are a LinkedIn member.

Nothing is private on the socials; you have to consider everything public. What you write in posts on your own wall, others’ walls, comments, your tweets if you have them linked to your Facebook, is out there just like a 20-foot high billboard on a busy expressway. And the consequences of revealing things that are better kept private can range from mildly embarrassing to loss of professional reputation and employment. Employers often access the socials to conduct a pre-check on a prospective employee to find out how they function away from the work environment.

What to do? Here’s some advice:

1. If you’d be embarrassed if someone found out about it, don’t post a photo or talk about it.
2. If you hate your job, find a better one; don’t whine online. See “How To Lose a Job Via Facebook In 140 Characters or Less.”
3. On Facebook, use the new privacy settings to be very choosy about who can see what.
4. Be aware of the connections you have in common on both personal and professional networks.