Slashdot Mirror

← Back to Stories (view on slashdot.org)

LinkedIn Password Hashes Leaked Online

Posted by Unknown on from the at-least-they-weren't-plain-text dept.

jones_supa writes "A user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details. The user uploaded 6,458,020 SHA-1 hashed passwords, but no usernames. Several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. The Verge spoke with Mikko Hyppönen, Chief Research Officer at F-Secure, who thinks this is a real collection. He told us he is 'guessing it's some sort of exploit on their web interface, but there's no way to know.' We will have to wait for LinkedIn to report back to be sure what exactly has happened." An anonymous reader tipped us to related news: The LinkedIn iOS application harvests information from your calendar and transmits it to their servers unencrypted.

2 of 271 comments (clear)

  1. Hashes list link by xded · · Score: 5, Informative

    http://www.mediafire.com/?n307hutksjstow3

    When checking for your password, check both for its SHA-1 hash and for the SHA-1 hash with the first five chars zeroed. Quoting:

    Some observations on this file:

    0. This is a file of SHA1 hashes of short strings (i.e. passwords).

    1. There are 3,521,180 hashes that begin with 00000. I believe that these represent hashes that the hackers have already broken and they have marked them with 00000 to indicate that fact.

    Evidence for this is that the SHA1 hash of 'password' does not appear in the list, but the same hash with the first five characters set to 0 is.

    5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 is not present
    000001e4c9b93f3f0682250b6cf8331b7ee68fd8 is present

    Same story for 'secret':

    e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 is not present
    00000a1ba31ecd1ae84f75caaa474f3a663f05f4 is present

    And for 'linkedin':

    7728240c80b6bfd450849405e8500d6d207783b6 is not present
    0000040c80b6bfd450849405e8500d6d207783b6 is present

    2. There are 2,936,840 hashes that do not start with 00000 that can be attacked with JtR.

    3. The implication of #1 is that if checking for your password and you have a simple password then you need to check for the truncated hash.

    4. This may well actually be from LinkedIn. Using the partial hashes (above) I find the hashes for passwords linkedin, LinkedIn, L1nked1n, l1nked1n, L1nk3d1n, l1nk3d1n, linkedinsecret, linkedinpassword, ...

    5. The file does not contain duplicates. LinkedIn claims a user base of 161m. This file contains 6.4m unique password hashes. That's 25 users per hash. Given the large amount of password reuse and poor password choices it is not improbable that this is the complete password file. Evidence against that thesis is that password of one person that I've asked is not in the list.

  2. These are not current password Hashs by Jadeinfosy · · Score: 5, Informative

    I changed my LinkedIn password a while back (about a month ago or so) my old password shows up in the Hash not my new password.