1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

6.5 million LinkedIn passwords leaked

Discussion in 'Social Networking Sites' started by lancis, Jun 6, 2012.

  1. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    http://news.cnet.com/8301-1009_3-57...-linkedin-passwords-reportedly-leaked-online/

    FYI
     
    • Thanks Thanks x 1
  2. bk071

    bk071 Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Nov 24, 2010
    Messages:
    3,105
    Likes Received:
    7,917
    Occupation:
    I don't have a job
    Location:
    .............
    Time to change your password... I've already changed mine.
     
  3. techcrunked

    techcrunked Regular Member

    Joined:
    Aug 12, 2011
    Messages:
    361
    Likes Received:
    112
    damn someone can make a lot of of dough with that kind of data
     
  4. deepakmadhu

    deepakmadhu BANNED BANNED

    Joined:
    Apr 2, 2012
    Messages:
    276
    Likes Received:
    133
    i thinking abt my websites security .. LOL
     
  5. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    Yep, thats pretty much priceless data. Not your average Joe, mostly business people.
     
  6. ugjunk

    ugjunk Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 1, 2011
    Messages:
    2,345
    Likes Received:
    721
    Location:
    Los Angeles
    Home Page:
    This is lame. Gotta change my password quickly now.
     
  7. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    This is the list as posted by the above-mentioned hacker:

    Code:
    http://www4.zippyshare.com/v/57190897/file.html
    Its encoded using SHA-1, so if you want to check whether your password was stolen use PHP to encode your password and search for the resulting string. Obviously, dont use online SHA-1 services, most of them are there to help you donate your own password to the community. :)
     
  8. raticals75

    raticals75 Regular Member

    Joined:
    Sep 2, 2010
    Messages:
    237
    Likes Received:
    70
    Location:
    NY
    Wow that's insane! Wonder how he pulled that one off.
     
  9. theMagicNumber

    theMagicNumber Regular Member

    Joined:
    May 13, 2010
    Messages:
    345
    Likes Received:
    195
    My admirations to the hacker. As far as i understand(i didn't downloaded the zip archive yet), only the password hashes' are leaked with no associated email.
    It is possible to crack the passwords, however a simple password with 8 symbols, containing only a-z and 0-9 will result in 2,821,109,907,456 combinations.
    I think this information is useless.
     
  10. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    As I understood the hashes are unsalted, theoretically that means that an average server can crack up to 6 passwords/day using for example HashCat. It might get a long time time to crack em all, but it seems the passwords is not the only problem, the rest of the database has been leaked as well.
     
  11. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 26, 2011
    Messages:
    2,366
    Likes Received:
    1,967
    Gender:
    Male
    Occupation:
    Marketing automation tools
    Location:
    Somewhere in Europe
    Home Page:
    What about pre-generating Encrypted characters.
    like if you encrypt a character it will give a string (that string always remains the same for that character).
    Do it on many servers, for all possible characters & combinations -> that way you obtain all sorts of hashes of different encryption types.
    And then you can just a SELECT from database WHERE @ = hash
    to match & get result :D
     
  12. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    Yeah, this is probably the first thing they going to do. There are a lot of hash databases, some of them can be found online. I remember using one when tried to match a hash. Although it didnt help me, but with 6.5 million strings someone is likely to get lucky. :)
     
  13. theMagicNumber

    theMagicNumber Regular Member

    Joined:
    May 13, 2010
    Messages:
    345
    Likes Received:
    195
    Using external hash databases will speed the process eventually.
    I was just curious what i can do on my machine(Q9550), i was able to check 250k hashes per second, so it will take me around 5 months to crack all 8 symbol passwords.
     
  14. BlackIrish

    BlackIrish Junior Member

    Joined:
    Jun 14, 2008
    Messages:
    106
    Likes Received:
    54
    Pretty bad stuff, I had an account there :( :(

    Time for me too, to change the password :D
     
  15. Narrator

    Narrator Power Member

    Joined:
    Oct 5, 2010
    Messages:
    507
    Likes Received:
    396
    Occupation:
    Internet Marketing
    Location:
    /dev/null
    I never understood why large companies don't salt their hashes...
     
  16. jovic70

    jovic70 Guest

    bad admin :D
     
  17. JASPAR

    JASPAR Newbie

    Joined:
    Jun 6, 2012
    Messages:
    9
    Likes Received:
    1
    Location:
    Jacksonville
    I have a account on there, I changed mine this morning when I saw it on the news.
     
  18. lanbo

    lanbo Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 23, 2009
    Messages:
    3,437
    Likes Received:
    595
    Home Page:
    Wow - luckily I don't have an account with them
     
  19. Skink

    Skink Newbie

    Joined:
    Jun 4, 2012
    Messages:
    7
    Likes Received:
    4
    Do many people here actually have LinkedIn accounts? Just out of curiosity.
     
  20. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,632
    Likes Received:
    2,384
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    From those I know almost everyone has an account there: hi tech people, lawyers, investors, you name it..