Slashdot Mirror


LinkedIn Password Hashes Leaked Online

jones_supa writes "A user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details. The user uploaded 6,458,020 SHA-1 hashed passwords, but no usernames. Several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. The Verge spoke with Mikko Hyppönen, Chief Research Officer at F-Secure, who thinks this is a real collection. He told us he is 'guessing it's some sort of exploit on their web interface, but there's no way to know.' We will have to wait for LinkedIn to report back to be sure what exactly has happened." An anonymous reader tipped us to related news: The LinkedIn iOS application harvests information from your calendar and transmits it to their servers unencrypted.

11 of 271 comments

  1. It's not an exploit, it's a feature! by fuzzyfuzzyfungus · Score: 5, Funny

    Haven't you always wanted to forge closer ties with the dynamic marketing and legal-arbitrage entrepreneurs at the Russian Business Network? Now, LinkedIn is proud to announce your exciting, and mandatory, chance to do just that!

  2. Plain text by Anonymous Coward · Score: 5, Funny

    This sort of vulnerability is exactly why I avoid storing passwords in hash form. I always store passwords in plain text form. It's much more secure.

    1. Re:Plain text by fuzzyfuzzyfungus · Score: 4, Funny

      This sort of vulnerability is exactly why I avoid storing passwords in hash form. I always store passwords in plain text form. It's much more secure.

      Y'know what fools the black-hats every time? Store the passwords in plaintext; but require all users to create a password consisting of exactly 64 hexadecimal characters... Even better, we all know that users hate security, so more user hatred = more secure. And this system is Super Secure.

    2. Re:Plain text by vlm · Score: 4, Funny

      Won't work, local policy prevents repeated numbers, and letters must be a mix of upper and lower case, and no sequential numbers. (I only wish I were kidding)

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger

    3. Re:Plain text by michelcolman · Score: 3, Funny

      The password "Password" is not allowed, but "pissword" is because it contains a number!

    4. Re:Plain text by RCL · Score: 4, Funny

      That's nothing: this is the real ubersecure requirement.

  3. Good! by OakDragon · Score: 5, Funny

    Maybe I can find mine, I can't remember it!

  4. Re:Could someone please look up my password for me by Anonymous Coward · Score: 5, Funny

    Greetings comrade,
    Try the following password: 12345
    Sincerely Boris

  5. A New Euphemism! by Rob Riggs · Score: 5, Funny

    "Harvested" -- I love it!

    "Bernie Madoff harvested money from his investors."

    "H.I. harvested diapers from the convenience store."

    "LinkedIn harvested private data from my phone."

    They're doing you a favor by "harvesting". Because it's not doing anyone any good if it remains "unharvested".

    --
    the growth in cynicism and rebellion has not been without cause

  6. Re:Could someone please look up my password for me by vlm · Score: 4, Funny

    Thank you Boris, but that is my luggage combination, not my linkedin password.
    Admittedly my luggage is more important to me than my linkedin account, but...

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger

  7. Re:Could someone please look up my password for me by Rude Turnip · Score: 5, Funny

    I can clearly see that it's hunter2.