Massfocus says

I just read it on a Dutch news site http://tweakers.net/nieuws/82411/wachtwoorden-miljoenen-linkedin-gebruikers-op-straat.html

It's probably being covered on other news sites as well. Just wanted to let everyone know, as I am sure most of us here have LinkedIn accounts. A good time to change your password.

Cryonics says

I have not registered on LinkedIn :winktongue: But, thanks for warning…

jonathan01 says

passwords were not revealed or got – still in hashtag format apparently – still prudent to change your password.

EliIsakov says

I am not part of that :D

Joost Moderator says

passwords were not revealed or got – still in hashtag format apparently – still prudent to change your password.

6,5 million SHA1 hashes were released, which appeared to be unsalted. This basically means that any password below 8 characters is public knowledge, as well as any password that might appear in a dictionary or a list of likely passwords. More importantly; whoever published this list probably has a way of connecting the hashes to the email addresses they belong to, and it is more than likely that more than these 6,5 million were compromised.

Anyone with a LinkedIn account is recommended to not use the password they used there ever again at any other service (which means: change it wherever you’re using it). Consider it broken. Furthermore, don’t change your LinkedIn password to something you use elsewhere – the leak has not yet (publicly) been identified or fixed. Do change it, though. Change it to something unique.

If you want to find out if your password was included in the list, simply hash it using unsalted SHA1 (openssl sha1 on a Linux/Mac system) and check if it’s in the list. You can find the hash file easily via Google – it’s called combo_not.zip. I do recommend not opening it in Notepad, though, as it’ll probably crash trying to read a 108MB txt file. Use something from the command line, like

grep "$(printf '%s' 'Andres#1' | openssl sha1 | awk '{print $NF}')" combo_not.txt

EDIT: Make sure you check if the hash with the first 5 characters turned to zeros is not in there either; this seems to be a way of the crackers to identify already cracked hashes – a good share of them.

UPDATE: It seems LinkedIn has confirmed the authenticity of at least some of the passwords. For (quite general) background info (on hashes etc), you can refer to this article
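
The check described in the post above, including the zeroed-prefix variant from the EDIT, as an added example that is not part of the original post. The function names and the sample list are constructed for illustration; the real list is assumed to hold one hex hash per line.

```shell
# Added example (hypothetical helper names): check a password's unsalted
# SHA-1 against a hash list, as-is and with the first 5 hex chars zeroed.

# Print the lowercase hex SHA-1 of $1 (no trailing newline is hashed).
sha1_hex() {
    if command -v openssl >/dev/null 2>&1; then
        # $NF drops the "(stdin)= " prefix that newer openssl versions print.
        printf '%s' "$1" | openssl sha1 | awk '{print $NF}'
    else
        printf '%s' "$1" | sha1sum | awk '{print $1}'
    fi
}

# Replace the first 5 hex characters of hash $1 with zeros.
mask_hash() {
    printf '00000%s\n' "$(printf '%s' "$1" | cut -c6-)"
}

# Print "exact", "masked" or "absent" for password $1 in hash file $2.
leak_status() {
    ls_full=$(sha1_hex "$1")
    ls_masked=$(mask_hash "$ls_full")
    # tr strips CRs from Windows-style files; grep -F fixed string,
    # -x whole line, -i ignore case, -q quiet.
    if tr -d '\r' < "$2" | grep -Fxiq -- "$ls_full"; then
        echo exact
    elif tr -d '\r' < "$2" | grep -Fxiq -- "$ls_masked"; then
        echo masked
    else
        echo absent
    fi
}

# Constructed sample list (not real leak data): the full hash of "abc"
# and the zero-prefixed hash of "password". Prints the temp file's path.
make_sample_list() {
    msl_file=$(mktemp)
    {
        sha1_hex 'abc'
        mask_hash "$(sha1_hex 'password')"
    } > "$msl_file"
    echo "$msl_file"
}
```

Pass the password from a variable filled by a silent prompt rather than as a typed literal, so it does not end up in shell history.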

LCweb says

I am not part of that :D

Me too :D

iLochie says

It’s worth noting, you can check your password here: http://leakedin.org/

dtbaker Moderator says

It’s worth noting, you can check your password here: http://leakedin.org/

dang. mine's in there :P haha. *changes*

digitalscience says

http://leakedin.org/ <-- If anything I’d be careful using this site, since you're basically giving your password to them! :D

iLochie says

http://leakedin.org/ <-- If anything I’d be careful using this site, since you're basically giving your password to them! :D

No XHR requests before the password is hashed using SHA-1. The only thing you should worry about is having a crappy password! Haha, but really – there shouldn’t be much concern – they don’t have your email so there’s not much risk. If you have a strong password it’ll take a very long time to crack – I’d say very little risk even if they were storing the SHA-1 hash you submitted.