Author Topic: linkedin.com password hashes leaked - change your password (Read 4559 times)

Piru · « **on:** June 06, 2012, 01:10:42 PM »

The unsalted SHA-1 password hashes of linkedin.com service have been posted to a hacker forum.

While there is no way to verify if this is for real, it so far does look legit.

As a precaution all linkedin.com users should change their passwords - NOW.

Piru · « **Reply #1 on:** June 06, 2012, 04:37:11 PM »

Quote from: sim085;695464

Do they have the matching username to every password?

The hackers who breached the system - most definitely yes. They likely also have the email address associated with the account.

They haven't released the usernames in public, at least not yet.

The 7.x million hash list that has been circulating appears to contain the remaining, yet-to-be cracked hashes.

Piru · « **Reply #2 on:** June 06, 2012, 05:20:43 PM »

Quote from: amiman99;695479

How can I check if I'm on the hacked list, any direct link to the list?

There's no way really, as the hash list passed around is incomplete. Since it is incomplete, any such check would be in vain (just because you're not on the incomplete list doesn't make you safe, since your password might already be cracked regardless).

A word of warning BTW: Do not enter you password to any "online checker". Such scams will inevitably pop up soon after incidents like this. Many will happily give out their passwords to such services.. .. uh oh.

Piru · « **Reply #3 on:** June 07, 2012, 07:30:15 PM »

It appears that last.fm passwords might have been leaked as well: http://www.last.fm/passwordsecurity

Piru · « **Reply #4 on:** June 07, 2012, 08:28:33 PM »

Quote from: Duce;695641

If you are curious of the status of your now hopefully changed PW/account, visit:

http://leakedin.org/

Examine the source if you are wary of such things, and obviously do not enter your new PW.

I recommend you do not. If your password hash wasn't leaked before, it will be after you use this "service".

The site also incorrectly claims your password is not yet cracked. "Your password was leaked, but it has not (yet) been cracked."

There is no way for the site to know this, and this is thus extremely misleading.

Here's the linkedin blog post about the incident: http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

Piru · « **Reply #5 on:** June 07, 2012, 08:58:46 PM »

Some info about the recent leaks can be found from https://twitter.com/#!/CrackMeIfYouCan

For instance it seems that the leaks are much older than thought. Interesting stuff.

Author Topic: linkedin.com password hashes leaked - change your password (Read 4559 times)

Piru

linkedin.com password hashes leaked - change your password

Piru

Re: linkedin.com password hashes leaked - change your password

Piru

Re: linkedin.com password hashes leaked - change your password

Piru

Re: linkedin.com password hashes leaked - change your password

Piru

Re: linkedin.com password hashes leaked - change your password

Piru

Re: linkedin.com password hashes leaked - change your password