linkedin.com password hashes leaked - change your password - Page 2

Speelgoedmannetje · 06-06-2012, 04:49 PM

Quote:

Originally Posted by LoadWB

Salted or not, I'm just happy to find out that they DO hash their passwords instead of storing them in plain-text. I had a complex password before, and now it's even more complex. Makes using the mobile site difficult but, oh well.

I just saw today KeePass, a password manager is available as well on smartphones

**Duce** · 06-06-2012, 04:55 PM

KeePass is great, highly recommended.

**klx300r** · 06-06-2012, 05:22 PM

ah that's why I've been getting spam emails form linkedin this past week!

thanks for the heads up Piru

Pete_Noir · 06-06-2012, 05:39 PM

Thanks for the heads up, didn't hear about this. According to http://mashable.com/2012/06/06/linke...-confirmation/ if your account was one of those compromised, you won't be able to log in and you should get an email from LinkedIn. I didn't get an email, but I've still changed my password anyway

LoadWB · 06-06-2012, 07:08 PM

Quote:

Originally Posted by Speelgoedmannetje

I just saw today KeePass, a password manager is available as well on smartphones

Thanks. Generally speaking I dismiss recommendations like this because I don't run Phone, Android, or iPhone, so some of my capabilities are stymied by my insistence on sticking with a feature phone.

Lo and behold!

KeePass for J2ME | Free software downloads at SourceForge.net
http://sourceforge.net/projects/keepassj2me/

persia · 06-06-2012, 07:50 PM

Given the wankfest LinkedIn is, how would you know it was hacked?

Ami_GFX · 06-06-2012, 09:52 PM

A whole bunch of passwords changed. If it wasn't necessary, it was time anyway.

LoadWB · 06-07-2012, 12:34 AM

Welp, dammit, my password is definitely in the list.

**Piru** · 06-07-2012, 12:30 PM

It appears that last.fm passwords might have been leaked as well: http://www.last.fm/passwordsecurity

**Duce** · 06-07-2012, 01:12 PM

If you are curious of the status of your now hopefully changed PW/account, visit:

http://leakedin.org/

Examine the source if you are wary of such things, and obviously do not enter your new PW.

**Piru** · 06-07-2012, 01:28 PM

Quote:

Originally Posted by Duce

If you are curious of the status of your now hopefully changed PW/account, visit:

http://leakedin.org/

Examine the source if you are wary of such things, and obviously do not enter your new PW.

I recommend you do not. If your password hash wasn't leaked before, it will be after you use this "service".

The site also incorrectly claims your password is not yet cracked. "Your password was leaked, but it has not (yet) been cracked."

There is no way for the site to know this, and this is thus extremely misleading.

Here's the linkedin blog post about the incident: http://blog.linkedin.com/2012/06/06/...s-compromised/

**Piru** · 06-07-2012, 01:58 PM

Some info about the recent leaks can be found from https://twitter.com/#!/CrackMeIfYouCan

For instance it seems that the leaks are much older than thought. Interesting stuff.

Zac67 · 06-07-2012, 02:25 PM

If you need to find out whether your password has leaked, you can safely use PHP's sha1() function and then google the hash.

I've already found mine but that didn't really surprise me since it's probably among the first 1000 tested in a dictionary attack anyway - LinkedIn didn't seem to require a more 'serious' password, and right I was as it seems.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode