LinkedIn breached: 6.5 million passwords compromised


Attention LinkedIn users: your privacy has been breached. Millions of internet users can now see your password posted online. Do not be under the false impression that you are safe from this epidemic. LinkedIn has already confirmed the news and has stated that passwords that are reset will now be stored in a salted format, which technically means that each password is hashed (scrambled one-way) AND combined with a random string of characters, making the password-cracking process a pain in the neck for the hacker.

According to Imperva:

The passwords weren't properly protected. The hashes, in geek speak, were unsalted sha1 hashes. Not salting is a bad practice that we detailed in last month’s report on the Military singles breach. Salting, in layman’s terms, complicates the process of a hacker cracking a password. Not only do you encrypt the password, but append it with a random string of characters so even if those passwords are revealed, they look like gobbledygook.

LinkedIn was probably breached but the password database doesn’t indicate this specifically. Many of the passwords contained a high volume of the word, or a variation of the word, “linkedin”. This indicates that the pool of passwords comes from LinkedIn, though the hacker hasn’t specifically made such a connection. The password set shows:

  • 13 passwords contained “linkedin”
  • 509 passwords contained “linked”
  • 1134 passwords contained “link”

Imperva suggests that the breach could be much larger than the already whopping number of 6.5 million. They have provided two reasons for their theory:

1. The list doesn't include any easy passwords such as 123456 (which is the most used password in the history of passwords).

2. All passwords are listed only once, leaving us guessing how many times a certain password was used.
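
The two points above (unsalted SHA-1, and each password appearing only once) can be seen side by side in the following added example, which is not code from the original article, Imperva or LinkedIn. The account list is constructed, and PBKDF2 with the round count shown is an assumed choice of salted scheme; the page does not say which scheme LinkedIn adopted.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from the leaked list).
ACCOUNTS = [
    ("alice", "linkedin1"),
    ("bob", "linkedin1"),
    ("carol", "linkedin1"),
    ("dave", "ihavenopass"),
]

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def unsalted_sha1(password):
    """The weak scheme described above: a bare SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password, salt=None):
    """Per-account random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(password, salt)
    return hmac.compare_digest(digest, expected)


def distinct_unsalted(accounts):
    # Identical passwords collapse to one hash, so a de-duplicated dump
    # hides how many accounts shared that password.
    return len({unsalted_sha1(pw) for _, pw in accounts})


def distinct_salted(accounts):
    # Every account gets its own salt, so every stored record differs.
    return len({salted_record(pw) for _, pw in accounts})


if __name__ == "__main__":
    print("accounts:", len(ACCOUNTS))
    print("distinct unsalted SHA-1 hashes:", distinct_unsalted(ACCOUNTS))
    print("distinct salted records:", distinct_salted(ACCOUNTS))
```

With unsalted hashes, four accounts leave only two distinct entries, which is why a list where every hash appears once says little about the number of affected users.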

After this massacre, the SophosLabs geniuses did a little research of their own, testing which passwords were commonly used among the 6.5 million users and should never be used by anyone. Their study suggested that only 2 of the 6.5 million passwords were unique and not used by anyone else: "mypc123" and "ihavenopass" are the lucky winners of the day. Unfortunately, these, too, were cracked and exploited.

