Welcome, Guest. Please login or register.

Author Topic: linkedin.com password hashes leaked - change your password  (Read 4353 times)

Description:

0 Members and 1 Guest are viewing this topic.

Offline PiruTopic starter

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show only replies by Piru
    • http://www.iki.fi/sintonen/
linkedin.com password hashes leaked - change your password
« on: June 06, 2012, 01:10:42 PM »
The unsalted SHA-1 password hashes of linkedin.com service have been posted to a hacker forum.

While there is no way to verify if this is for real, it so far does look legit.

As a precaution all linkedin.com users should change their passwords - NOW.
 

Offline Matt_H

Re: linkedin.com password hashes leaked - change your password
« Reply #1 on: June 06, 2012, 01:42:40 PM »
Thanks for the alert. Done.
 

Offline LoadWB

  • Hero Member
  • *****
  • Join Date: Jul 2006
  • Posts: 2901
  • Country: 00
    • Show only replies by LoadWB
Re: linkedin.com password hashes leaked - change your password
« Reply #2 on: June 06, 2012, 02:22:45 PM »
Salted or not, I'm just happy to find out that they DO hash their passwords instead of storing them in plain-text.  I had a complex password before, and now it's even more complex.  Makes using the mobile site difficult but, oh well.
 

Offline hbarcellos

  • Sr. Member
  • ****
  • Join Date: May 2006
  • Posts: 426
  • Country: 00
    • Show only replies by hbarcellos
Re: linkedin.com password hashes leaked - change your password
« Reply #3 on: June 06, 2012, 02:33:59 PM »
Thanks Piru. Changed mine.
BTW, maybe it should be a nice topic to ask everyone to share their own LinkedIn Profiles.

http://www.linkedin.com/pub/heitor-barcellos/0/2b0/b52
}~ A1200 - Apollo 68040 - HOTLY running OS 3.1
}~ Powerbook G4 1.67 running MorphOS 3.2 without Wifi.
}~ Powermac Quicksilver 933 with Radeon 9600 XT (r300) LOUDLY running MorphOS 3.2
}~ [MY iOS GAME]: http://goo.gl/S9nWB (Amiga users can get it FREE[/color], just ask me)
 

Offline sim085

  • Hero Member
  • *****
  • Join Date: Aug 2008
  • Posts: 958
    • Show only replies by sim085
Re: linkedin.com password hashes leaked - change your password
« Reply #4 on: June 06, 2012, 03:11:00 PM »
Do they have the matching username to every password?
 

Offline persia

  • Hero Member
  • *****
  • Join Date: Sep 2006
  • Posts: 3753
    • Show only replies by persia
Re: linkedin.com password hashes leaked - change your password
« Reply #5 on: June 06, 2012, 03:23:27 PM »
I quickly trashed my LinkedIn account before anyone else could!  Not being in the job market I never use my LinkedIn account.....
[SIGPIC][/SIGPIC]

What we\'re witnessing is the sad, lonely crowing of that last, doomed cock.
 

Offline PiruTopic starter

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show only replies by Piru
    • http://www.iki.fi/sintonen/
Re: linkedin.com password hashes leaked - change your password
« Reply #6 on: June 06, 2012, 04:37:11 PM »
Quote from: sim085;695464
Do they have the matching username to every password?

The hackers who breached the system - most definitely yes. They likely also have the email address associated with the account.

They haven't released the usernames in public, at least not yet.

The 7.x million hash list that has been circulating appears to contain the remaining, yet-to-be cracked hashes.
 

Offline amiman99

Re: linkedin.com password hashes leaked - change your password
« Reply #7 on: June 06, 2012, 05:13:54 PM »
How can I check if I'm on the hacked list, any direct link to the list?
I used to check lulzsec when they were hacking like crazy.
I dont even remember if I have account with LinkedIn.
A500 KS 2.1, 1MB Chip, 68000
A600 KS 3.1, 2MB Chip, ACA630 32MB RAM
A1000 KS 1.3, 8MB RAM
A1200 KS 3.1, Blizzard IV 50MHz 64MB RAM
A2000 KS 2.1, 68030 25MHz, 6MB RAM
A3000 KS 3.1, 68030 25MHz, 16MB RAM
A4000 KS 3.0, 68040 25MHz, 16MB RAM
CDTV KS 3.1, 4MB RAM
CD32
(AROS BOX) Dead :(
 

Offline PiruTopic starter

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show only replies by Piru
    • http://www.iki.fi/sintonen/
Re: linkedin.com password hashes leaked - change your password
« Reply #8 on: June 06, 2012, 05:20:43 PM »
Quote from: amiman99;695479
How can I check if I'm on the hacked list, any direct link to the list?
There's no way really, as the hash list passed around is incomplete. Since it is incomplete, any such check would be in vain (just because you're not on the incomplete list doesn't make you safe, since your password might already be cracked regardless).

A word of warning BTW: Do not enter you password to any "online checker". Such scams will inevitably pop up soon after incidents like this. Many will happily give out their passwords to such services.. .. uh oh.
« Last Edit: June 06, 2012, 05:24:43 PM by Piru »
 

Offline runequester

  • It\'s Amiga time!
  • Hero Member
  • *****
  • Join Date: Oct 2009
  • Posts: 3695
    • Show only replies by runequester
Re: linkedin.com password hashes leaked - change your password
« Reply #9 on: June 06, 2012, 06:04:07 PM »
Quote from: Piru;695480
There's no way really, as the hash list passed around is incomplete. Since it is incomplete, any such check would be in vain (just because you're not on the incomplete list doesn't make you safe, since your password might already be cracked regardless).

A word of warning BTW: Do not enter you password to any "online checker". Such scams will inevitably pop up soon after incidents like this. Many will happily give out their passwords to such services.. .. uh oh.


Man, they don't waste any time do they?
 

Offline LoadWB

  • Hero Member
  • *****
  • Join Date: Jul 2006
  • Posts: 2901
  • Country: 00
    • Show only replies by LoadWB
Re: linkedin.com password hashes leaked - change your password
« Reply #10 on: June 06, 2012, 06:53:24 PM »
Another thing to note is that if you used the same password for other things, change those right away and destroy that password.  A while back a comparison was made between several leaked password lists and it was found that something like 83% of credentials were shared across multiple services... including the email account to which the other accounts were linked.
 

Offline Ilwrath

Re: linkedin.com password hashes leaked - change your password
« Reply #11 on: June 06, 2012, 07:53:14 PM »
Quote from: LoadWB;695486
Another thing to note is that if you used the same password for other things, change those right away and destroy that password.  A while back a comparison was made between several leaked password lists and it was found that something like 83% of credentials were shared across multiple services... including the email account to which the other accounts were linked.


Yup.  Sound security advice here.  Don't reuse passwords in this fashion, folks.  

I just noticed I had accidentally set the same username/password combo for linkedin and it's associated email address.  OOoops.  Just changed them both (to different things, like they should have been in the first place).  So while it sucks that the list was leaked, it caused me to find my own security mishap before anyone else did.  Yay!  :D
 

Offline Fats

  • Hero Member
  • *****
  • Join Date: Mar 2002
  • Posts: 672
    • Show only replies by Fats
Re: linkedin.com password hashes leaked - change your password
« Reply #12 on: June 06, 2012, 09:40:29 PM »
Quote from: Piru;695453
The unsalted SHA-1 password hashes of linkedin.com service have been posted to a hacker forum.

While there is no way to verify if this is for real, it so far does look legit.

As a precaution all linkedin.com users should change their passwords - NOW.


I think I will keep it just as an excuse when I want to something bad (tm) with my LinkedIn account. It wasn't me, somebody must have cracked my password :)

greets,
Staf.
Trust me...                                              I know what I\'m doing
 

Offline Zac67

  • Hero Member
  • *****
  • Join Date: Nov 2004
  • Posts: 2890
    • Show only replies by Zac67
Re: linkedin.com password hashes leaked - change your password
« Reply #13 on: June 06, 2012, 11:00:33 PM »
Considering quitting my LinkedIn account atm - storing unsalted hashes nowadays should be considered a major offense. Just brainless.
 

Offline Fester

  • Hero Member
  • *****
  • Join Date: Mar 2006
  • Posts: 586
    • Show only replies by Fester
    • http://www.rdmsnippets.com
Re: linkedin.com password hashes leaked - change your password
« Reply #14 on: June 06, 2012, 11:38:33 PM »
Thanks for the alert Piru. I wouldn't have known otherwise. Did the needful.