Massfocus says

I just read it on a Dutch news site: http://tweakers.net/nieuws/82411/wachtwoorden-miljoenen-linkedin-gebruikers-op-straat.html

It's probably being covered on other news sites as well. Just wanted to let everyone know, as I am sure most of us here have LinkedIn accounts. A good time to change your password.

Loki6 says

I have not registered on LinkedIn :winktongue: But, thanks for warning…

jonathan01 says

passwords were not revealed or got – still in hashtag format apparently – still prudent to change your password.

EliIsakov says

I am not part of that :D

Joost Volunteer moderator says

passwords were not revealed or got – still in hashtag format apparently – still prudent to change your password.

6,5 million SHA1 hashes were released, which appeared to be unsalted. This basically means that any password below 8 characters is public knowledge, as well as any password that might appear in a dictionary or a list of likely passwords. More importantly; whoever published this list probably has a way of connecting the hashes to the email addresses they belong to, and it is more than likely that more than these 6,5 million were compromised.

Anyone with a LinkedIn account is recommended to not use the password they used there ever again at any other service (which means: change it wherever you’re using it). Consider it broken. Furthermore, don’t change your LinkedIn password to something you use elsewhere – the leak has not yet (publicly) been identified or fixed. Do change it, though. Change it to something unique.

If you want to find out if your password was included in the list, simply hash it using unsalted SHA1 (openssl sha1 on a Linux/Mac system) and check if it’s in the list. You can find the hash file easily via Google – it’s called combo_not.zip. I do recommend not opening it in Notepad, though, as it’ll probably crash trying to read a 108MB txt file. Use something from the command line, like

grep "$(printf '%s' 'Andres#1' | openssl sha1 | awk '{print $NF}')" combo_not.txt

EDIT : Make sure you check if the hash with the first 5 characters turned to zeros is not in there either; this seems to be a way of the crackers to identify already cracked hashes – a good share of them.

UPDATE : It seems LinkedIn has confirmed the authenticity of at least some of the passwords. For (quite general) background info (on hashes etc), you can refer to this article
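
Added example, not part of the post above: the same offline check as a small POSIX shell script that also tests the variant with the first 5 hex characters zeroed and reads the password without echoing it. The function names and the one-hash-per-line file layout are assumptions; the demo list at the end is constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes one hex SHA-1 per line in the list.

# sha1_hex: lowercase hex SHA-1 of stdin, using whichever tool is installed.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | awk '{print $1}'
    else
        # some openssl versions print "(stdin)= <hex>"; keep only the last field
        openssl sha1 | awk '{print $NF}'
    fi
}

# masked_variant HASH: the hash with its first 5 hex characters set to zero,
# the marking the post describes for already-cracked entries.
masked_variant() {
    printf '00000%s\n' "$(printf '%s' "$1" | cut -c6-)"
}

# check_hash_list FILE PASSWORD: prints exact, masked or absent.
# Returns 0 when either form is in the list, 1 otherwise.
check_hash_list() {
    chl_full=$(printf '%s' "$2" | sha1_hex)
    chl_masked=$(masked_variant "$chl_full")
    # tr strips CRs in case the text file has Windows line endings
    if tr -d '\r' < "$1" | grep -qixF -- "$chl_full"; then
        echo exact
    elif tr -d '\r' < "$1" | grep -qixF -- "$chl_masked"; then
        echo masked
    else
        echo absent; return 1
    fi
}

# check_interactive FILE: read the password with echo off, so it never appears
# in shell history or in another process's argument list (printf is a builtin).
check_interactive() {
    printf 'Password: ' >&2
    stty -echo; IFS= read -r ci_pw; stty echo; printf '\n' >&2
    check_hash_list "$1" "$ci_pw"
}

# Constructed demo list: SHA-1 of "abc" intact, SHA-1 of "password" masked.
demo=$(mktemp)
printf '%s\r\n' a9993e364706816aba3e25717850c26c9cd0d89d \
    000001e4c9b93f3f0682250b6cf8331b7ee68fd8 > "$demo"
check_hash_list "$demo" abc || true
check_hash_list "$demo" password || true
check_hash_list "$demo" 'Andres#1' || true
rm -f "$demo"
```

Against the real file, `check_interactive combo_not.txt` runs the check without the password ever being typed on the command line.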

LCweb says

I am not part of that :D

Me too :D

iLochie says

It’s worth noting, you can check your password here: http://leakedin.org/

dtbaker Volunteer moderator says

It’s worth noting, you can check your password here: http://leakedin.org/

dang. mine's in there :P haha. * changes *

digitalscience says
http://leakedin.org/ <—If anything I’d be careful using this site, since you're basically giving your password to them! :D
iLochie says

http://leakedin.org/ <—If anything I’d be careful using this site, since you're basically giving your password to them! :D

No XHR requests before the password is hashed using SHA-1. The only thing you should worry about is having a crappy password! Haha, but really – there shouldn’t be much concern – they don’t have your email so there’s not much risk. If you have a strong password it’ll take a very long time to crack – I’d say very little risk even if they were storing the SHA-1 hash you submitted.