6.5 million LinkedIn passwords leaked

lancis

Elite Member
Joined
Jul 31, 2010
Messages
1,682
Reaction score
2,443
A user in a Russian forum says that he has hacked and uploaded almost 6.5 million LinkedIn passwords, according to The Verge. Though his claim has yet to be confirmed, Twitter users are already reporting that they've found their hashed LinkedIn passwords on the list, security expert Per Thorsheim said.

LinkedIn revealed through its own tweet that it's looking into reports of stolen passwords, and it advised users to stay tuned for more information.

http://news.cnet.com/8301-1009_3-57448079-83/millions-of-linkedin-passwords-reportedly-leaked-online/

FYI
 
Time to change your password... I've already changed mine.
 
damn someone can make a lot of of dough with that kind of data
 
This is lame. Gotta change my password quickly now.
 
This is the list as posted by the above-mentioned hacker:

Code:
http://www4.zippyshare.com/v/57190897/file.html

Its encoded using SHA-1, so if you want to check whether your password was stolen use PHP to encode your password and search for the resulting string. Obviously, dont use online SHA-1 services, most of them are there to help you donate your own password to the community. :-)
 
Wow that's insane! Wonder how he pulled that one off.
 
My admirations to the hacker. As far as i understand(i didn't downloaded the zip archive yet), only the password hashes' are leaked with no associated email.
It is possible to crack the passwords, however a simple password with 8 symbols, containing only a-z and 0-9 will result in 2,821,109,907,456 combinations.
I think this information is useless.
 
My admirations to the hacker. As far as i understand(i didn't downloaded the zip archive yet), only the password hashes' are leaked with no associated email.
It is possible to crack the passwords, however a simple password with 8 symbols, containing only a-z and 0-9 will result in 2,821,109,907,456 combinations.
I think this information is useless.

As I understood the hashes are unsalted, theoretically that means that an average server can crack up to 6 passwords/day using for example HashCat. It might get a long time time to crack em all, but it seems the passwords is not the only problem, the rest of the database has been leaked as well.
 
What about pre-generating Encrypted characters.
like if you encrypt a character it will give a string (that string always remains the same for that character).
Do it on many servers, for all possible characters & combinations -> that way you obtain all sorts of hashes of different encryption types.
And then you can just a SELECT from database WHERE @ = hash
to match & get result :D
 
What about pre-generating Encrypted characters.

like if you encrypt a character it will give a string (that string always remains the same for that character).
Do it on many servers, for all possible characters & combinations -> that way you obtain all sorts of hashes of different encryption types.
And then you can just a SELECT from database WHERE @ = hash
to match & get result :D

Yeah, this is probably the first thing they going to do. There are a lot of hash databases, some of them can be found online. I remember using one when tried to match a hash. Although it didnt help me, but with 6.5 million strings someone is likely to get lucky. :-)
 
Using external hash databases will speed the process eventually.
I was just curious what i can do on my machine(Q9550), i was able to check 250k hashes per second, so it will take me around 5 months to crack all 8 symbol passwords.
 
Pretty bad stuff, I had an account there :( :(

Time for me too, to change the password :D
 
As I understood the hashes are unsalted, theoretically that means that an average server can crack up to 6 passwords/day using for example HashCat. It might get a long time time to crack em all, but it seems the passwords is not the only problem, the rest of the database has been leaked as well.

I never understood why large companies don't salt their hashes...
 
I have a account on there, I changed mine this morning when I saw it on the news.
 
Do many people here actually have LinkedIn accounts? Just out of curiosity.

From those I know almost everyone has an account there: hi tech people, lawyers, investors, you name it..
 
Back
Top