I’m currently reading through a list of passwords containing a lot of occurrences of “linked”, “linkedin” and “link”. They come from a dump of 6.5 million password hashes posted online last night. If you’ve used your LinkedIn password on other sites, go change it on those sites now, and prepare to change it on LinkedIn after they figure out what happened and close the hole (if they were even hacked).
You can download the LinkedIn password dump here: [disk.yandex.net] I’m starting to doubt the legitimacy of the “dump” though.
More to come…
Update 1:
Doing a little research and it looks like the sha1 hash for my password does not appear in the dump. It may be possible that the hashes have been generated to look like they’re a LinkedIn dump.
@schuetzdj and @i0n1c both confirmed that the sha1 hash of their password is also not in the dump. Something’s up here, ladies and gents. Another one checks in: @jetmotor confirms sha1 hash not there.
Update 3: (sorry it’s out of order)
If the hash of your password does not appear in the dump, check if your hash with the first 5 characters changed to 00000 does…
Update 2:
And here come the sensationalists. “More than 6.4 million LinkedIn passwords have leaked to the Web after an apparent hack. Though some login details are encrypted, users are advised to change their passwords immediately.” Doesn’t pay to fact check I guess. Sounds like they have no idea what they’re looking at in the thread it’s posted in either.
Another quick update. Yup, The Verge is reporting the LinkedIn hack as if it’s a fact as well.
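The check from Update 3, done offline so the password never leaves your machine. This is an added example, not part of the original post; it assumes the dump is a text file with one 40-character hex SHA-1 per line and that passwords were hashed unsalted as UTF-8 bytes. The function names and the sample lines are constructed for illustration.

```python
import getpass
import hashlib
import sys

MASK = "00000"  # Update 3: first five hex characters replaced by zeros


def candidate_hashes(password: str) -> tuple[str, str]:
    """Return (full, masked) unsalted SHA-1 hex digests for a password."""
    # Assumption: the password was hashed as UTF-8 bytes with no salt.
    full = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return full, MASK + full[len(MASK):]


def check_dump(lines, password: str) -> str:
    """Scan an iterable of hash lines; return 'full', 'masked' or 'absent'."""
    full, masked = candidate_hashes(password)
    result = "absent"
    for line in lines:
        entry = line.strip().lower()
        if entry == full:
            return "full"      # exact hash present, stop early
        if entry == masked:
            result = "masked"  # keep scanning in case the full hash also appears
    return result


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Stream the file line by line; the dump is far too big to load blindly.
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            print(check_dump(fh, getpass.getpass("Password to check: ")))
    else:
        # Constructed sample: one unrelated line plus the masked hash of a demo password.
        demo = "constructed-demo-password"
        sample = ["f" * 40 + "\n", candidate_hashes(demo)[1] + "\n"]
        print(check_dump(sample, demo))
```

Run it with the path to the downloaded dump as the only argument; `getpass` keeps the password out of your shell history and off the screen.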
8 Responses to “Did LinkedIn Get Hacked?”


I too am not listed @mcgoverntheory
Check this for me too please. Get the hash of your password, remove the first 5 characters, and see if that occurs in the dump.
Hash of my password found in the list. And no, mine wasn’t easy to figure out.
How do I find out my hash for my password to check if mine’s in there?
Use any sha1 calculator. Plenty of them online or even better, download and install the sha1 command line utility.
Are they safe to use online? I feel by finding my hash I’m giving someone my password. Don’t know what is safe anymore these days.
Your password hash and password are essentially the same thing. However, without an account or email address to associate with it, it’s not very helpful to anyone else. Obviously though, offline utilities are more private.
Hmm yeah, that makes good sense. Is there any particular one you use?