Skip to content

LinkedIn hacked

Featured Replies

Dunno whether anyone uses it, but LinkedIn have had 6 million+ password hashes stolen, so it's time to change your passwords :)

First they have to decrypt the passwords, and I would hope they have been encrypted with a sufficently strong key.

  • Author

SHA1 hash, no salt, no encryption. So it relies on you having chosen a sufficiently good password in the first place, which I'm sure a lot of people won't have (as there's no complexity requirements on LinkedIn, I don't think).

Sophos have already found theirs in the list and used that to decrypt a few others I read.

Wont take the hackers long. They'll have likely cracked it already before posting up as is usual.

  • Author

Yeah, there are loads of entries in the text file that have been mangled to have 5 leading zeroes, which seems to indicate that they're decoded entries (if you look for the hash for simple entries like "password" or "secret", for example, it isn't there. However, get the hash and look for it with the first 5 digits zeroed, and it is).

There were no usernames released (at least not in the copy I've got) which is a "good" thing, having lots of passwords is one thing but there's 100+ million accounts you'd have to try and match them to. It's possible that data was also stolen and not released though, so people should still change their passwords just in case IMO. Turns out there are several programs for accelerating hash generation using CUDA/OpenCL and taking advantage of powerful graphics cards to do the number crunching, which in theory could turn up the hashes for even some of the more complex passwords...

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.