Neodan, posted June 7, 2012
http://techcrunch.com/2012/06/06/6-5-million-linkedin-passwords-reportedly-leaked-linkedin-is-looking-into-it/
Most of you probably have a LinkedIn account. If you do, you might want to look into this. 6.5 million passwords leaked... how is that possible?
Rudy, posted June 7, 2012
My password wasn't leaked, but my wife's password was, so she changed it.
Haggis (Veteran), posted June 7, 2012
Where's the list?
Rudy, posted June 7, 2012
> Where's the list?
leakedin.org
xendrome, posted June 7, 2012
> leakedin.org
That would be an excellent way to phish passwords, make a site like that one...
jelli, posted June 7, 2012
> That would be an excellent way to phish passwords, make a site like that one...
All the site would do would be to phish passwords, not the emails or usernames associated with them. The site never requests that information. In terms of how this happened, I am not sure as to the route of entry into LinkedIn's systems, but the fact that user passwords were stored in unsalted hashes is pretty poor security practice.
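To illustrate the point about unsalted hashes, here is an added example (not code from this thread, from LinkedIn, or from leakedin.org) that stores the same constructed accounts once with an unsalted digest and once with a per-user salt and a slow key-derivation function. SHA-1 as the unsalted hash, the PBKDF2 iteration count, and the sample users are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Weak scheme: the digest depends only on the password (SHA-1 assumed)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def accounts_sharing_a_digest(stored: dict[str, str]) -> dict[str, list[str]]:
    """Group users whose stored digests are identical, i.e. same password."""
    groups: dict[str, list[str]] = {}
    for user, digest in stored.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}


# Constructed sample accounts; none of these values come from the leak.
SAMPLE_USERS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}


def demo() -> tuple[int, int]:
    """Return (shared-digest groups when unsalted, shared-digest groups when salted)."""
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: salted_hash(p)[1].hex() for u, p in SAMPLE_USERS.items()}
    return len(accounts_sharing_a_digest(unsalted)), len(accounts_sharing_a_digest(salted))


if __name__ == "__main__":
    print(demo())
```

With unsalted digests, every account using the same password carries the same stored value, so one precomputed digest matches all of them; with per-user salts each stored value is unique and has to be checked separately.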
xendrome, posted June 7, 2012
> All the site would do would be to phish passwords, not the emails or usernames associated with them. The site never requests that information. In terms of how this happened, I am not sure as to the route of entry into LinkedIn's systems, but the fact that user passwords were stored in unsalted hashes is pretty poor security practice.
True, but you could also log IP addresses to each password entry, which would gain you a little more traction on getting to that user's info somewhere online.
Rudy, posted June 7, 2012
> That would be an excellent way to phish passwords, make a site like that one...
If you're really scared, try a bunch of "passwords" first, then your own, then more "passwords", no way they can trace it. (Or you could just read the code and see that it doesn't send your password but the hash.)
shakey, posted June 7, 2012
Sweet, I'm safe :)
Harpp, posted June 14, 2012
Good to know :huh:
rfirth, posted June 14, 2012
The passwords are hashed, but associated with your LinkedIn username, right? In the leak? I'm making an assumption here, I don't know. I don't think the people who did the crack released this information, but they might have it. What LeakedIn.org could do is hash the password you submit, and tell you the result - if you're in the database. But it could also then update the entry in the database with the correct password. So then they would have your username and password for LinkedIn, which would be useful trying to use those credentials on other sites. This would crack the encrypted passwords that haven't been cracked yet.