Joost Moderator says

Perhaps I’m being a paranoid parrot (seeing as even Envato notes recommends a similar checker by LastPass), but..


Haha, but really – there shouldn’t be much concern – they don’t have your email so there’s not much risk.

How do you know? Is it very likely that whoever posted those hashes also has a list of email addresses, and the owner of leakedin.org could be anyone.


If you have a strong password it’ll take a very long time to crack – I’d say very little risk even if they were storing the SHA-1 hash you submitted.

Whoever owns this site could be getting quite a nice rainbow table of people checking if their passwords, factoring out password length as a security measure ;)

Rule of thumb: never ever ever ever enter your password anywhere but in the login form of the site you’re using it for. I realise the source of LeakedIn.org looks very trustworthy and clear, with their hashIt() in the on-submit and all, but I hardly believe I’m capable of spotting every JavaScript trickery he could pull to still have the cleartext password. Heck, you would have to check if he actually implemented SHA1 correctly (which would mean you’d be hashing it yourself anyway). Also, I doubt everyone who filled in their password there actually read the source.

EDIT: Using a network sniffer one can indeed verify that LeakedIn.org only sends out hashes. Still, never enter your password anywhere but where it’s meant to go.
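
Added example (not part of the original posts and not LeakedIn.org's code): the same check done entirely offline against a locally held hash list, so the password never goes into anyone's form. The sample dump is constructed, and the zeroed-prefix handling is an assumption about the dump format (some entries with their first five hex digits blanked).

```python
import getpass
import hashlib

ZEROED = 5  # assumption: number of leading hex digits blanked in some dump entries
HEX = set("0123456789abcdef")


def sha1_hex(password):
    """Hex SHA-1 of the UTF-8 password, computed locally."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_dump(lines):
    """Keep only well-formed 40-character hex digests, lowercased."""
    dump = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and set(h) <= HEX:
            dump.add(h)
    return dump


def check_password(password, dump):
    """Return 'listed', 'listed-zeroed' or 'not-listed'."""
    digest = sha1_hex(password)
    if digest in dump:
        return "listed"
    # Same digest with its leading digits blanked, per the assumption above.
    if "0" * ZEROED + digest[ZEROED:] in dump:
        return "listed-zeroed"
    return "not-listed"


# Constructed sample standing in for a downloaded dump file; not real leak data.
SAMPLE_DUMP = load_dump([
    sha1_hex("constructed-sample-1").upper() + "\n",  # mixed case, trailing newline
    "00000" + sha1_hex("constructed-sample-2")[5:],   # zeroed-prefix entry
    "not a hash line",                                # ignored by load_dump
])

if __name__ == "__main__":
    # Read without echo; nothing is sent over the network.
    print(check_password(getpass.getpass("Password to check: "), SAMPLE_DUMP))
```

To check against a real file, pass the open file object to `load_dump` instead of the constructed list.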

iLochie says

EDIT: Using a network sniffer one can indeed verify that LeakedIn.org only sends out hashes. Still, never enter your password anywhere but where it’s meant to go.
This is definitely a good rule of thumb, I suppose I shouldn’t be advertising “yeah enter your password it’ll be fine.” But the story is that the emails were retained, but the passwords were distributed in a file so people can generate brute force lists (I guess.) Chrome’s got a built-in network sniffer that’ll tell you about all incoming and outgoing traffic – specifically the XHR requests I mentioned previously are the ones called after the page loads – generally AJAX. I assumed for the most part that this wouldn’t be very dangerous, but again it’s always smart to keep your passwords to their respective domains.
R3GeneralDesigns says

And these problems will increase while people continue using mobile phones and social networking…

Joost Moderator says

And these problems will increase while people continue using mobile phones and social networking…

Mobile phones seem to have nothing to do with this leak, and other than provide a target, neither does social networking. ;) It seems to have been a server-sided leak.

I do agree with you on the point that these attacks are ever increasing – more and more of our lives take place online, making it more and more an area of interest for those with criminal intent.

doru says

Hope that military virus has nothing to do with this. If someone gets his hands on that then bye internet. Also Last.fm seems to have the same problems.
