mersenneforum.org  

Old 2012-06-06, 18:46   #1
Batalov
LinkedIn password database was stolen and posted publicly

Please be aware that it is being reported that the LinkedIn password database was stolen and posted publicly early this morning.

If you use LinkedIn, your password needs to be considered compromised, as well as any other site you use this password for. It’s critical for you that these passwords be changed as soon as possible.

The standard progression of this type of attack is:
1. Hackers post password hashes publicly. (Done)
2. Criminal groups work together to rapidly crack and recover passwords. How complex your password was determines how much time you have to change it. (In progress now)
3. Cracked accounts are then used to automatically attempt logins to more critical sites (PayPal, Amazon, banks, email services) for further financial theft, identity theft, and/or privacy compromise.
___________________________________________

(Came from our IT. I haven't verified this. See PC World and other sources.)

Old 2012-06-06, 20:20   #2
xilman

Quote:
Originally Posted by Batalov
Please be aware that it is being reported that the LinkedIn password database was stolen and posted publicly early this morning.

If you use LinkedIn, your password needs to be considered compromised, as well as any other site you use this password for. It’s critical for you that these passwords be changed as soon as possible.

The standard progression of this type of attack is:
1. Hackers post password hashes publicly. (Done)
2. Criminal groups work together to rapidly crack and recover passwords. How complex your password was determines how much time you have to change it. (In progress now)
3. Cracked accounts are then used to automatically attempt logins to more critical sites (PayPal, Amazon, banks, email services) for further financial theft, identity theft, and/or privacy compromise.
___________________________________________

(Came from our IT. I haven't verified this. See PC World and other sources.)
A few further details follow.

First, only 6.4 million password hashes have been released, out of a total of more than 150M. I have a copy of this file.

Second, only the hashes have been released (so far) and not the accounts to which they correspond.

Third, only around 250K plaintext passwords have been released in parallel with their SHA1 hashes. So far, I've only found a single file which contains about 160K of them; the others are reported to be out there but I've not yet found them.

Fourth, there are very good grounds to suspect that only those accounts accessed through an iOS app have been compromised.

My take:

First, if your password hashes to one of those in the list you should undoubtedly change your password. On Linux this can be checked with sha1sum (*).

Second, if you've used an iOS app to access LinkedIn you should probably change your password.

Third, if a list of usernames corresponding to the hashes appears and your name is in that list, you should undoubtedly change your password whether or not your password appears in the list of those recovered.


Paul

(*) I verified that the hash of my LinkedIn password is not in the list of hashes by first typing my password into a file and editing that file to ensure that there was no extraneous whitespace, including any terminal newline. Then I ran "sha1sum passwd_file" to find the hash. A quick grep for that hash in the compromised hashes file turned up nothing. I verified the procedure by using a known password/hash pair taken from the file of 160K compromised examples.
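An added example (not from Paul's post or the forum) of the sha1sum-and-grep check he describes, with the trailing-newline trap handled explicitly. The two-line "leaked" list is constructed for the example: it holds the SHA-1 of the weak passwords "password" and "123456", not entries from the real file.

```python
import hashlib

# Constructed stand-in for the leaked hash file (NOT the real LinkedIn dump):
# lowercase hex SHA-1 digests, one per line, of "password" and "123456".
SAMPLE_LEAKED_HASHES = """\
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
7c4a8d09ca3762af61e59520943dc26494f8941b
"""


def sha1_hex(data: bytes) -> str:
    """Hex SHA-1 digest, the same value `sha1sum` prints for a file."""
    return hashlib.sha1(data).hexdigest()


def load_hash_set(text: str) -> set:
    """Parse a hash-per-line file into a set: strip whitespace, lowercase, drop blanks."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def file_hash(data: bytes, strip_trailing_newline: bool = True) -> str:
    """Hash the raw bytes of a password file.

    Editors normally append a newline and sha1sum hashes it too, so without
    stripping it you hash "<password><newline>" and never match the list.
    """
    if strip_trailing_newline:
        data = data.rstrip(b"\r\n")
    return sha1_hex(data)


def in_leak(password_file_bytes: bytes, leaked: set,
            strip_trailing_newline: bool = True) -> bool:
    """True if the password's hash appears in the leaked set (the grep step)."""
    return file_hash(password_file_bytes, strip_trailing_newline) in leaked
```

Run it against a known pair from the recovered-password file first, as Paul did, so a "not found" result means the check worked rather than that the input was mangled.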
Old 2012-06-06, 20:40   #3
ixfd64

Thanks for the heads-up. I've changed my password just to be on the safe side.
Old 2012-06-06, 21:13   #4
Dubslow

Where did you get the list of hashes and/or the compromised ones?

Old 2012-06-06, 21:44   #5
science_man_88

Quote:
Originally Posted by ixfd64
Thanks for the heads-up. I've changed my password just to be on the safe side.
I can't even remember mine. Apparently, even though I got messages, it can't even find my emails in its database.

Old 2012-06-06, 22:03   #6
TObject

So, how do they get passwords from the hashes; dictionary attack?
Old 2012-06-07, 06:27   #7
xilman

Quote:
Originally Posted by TObject
So, how do they get passwords from the hashes; dictionary attack?
Fundamentally, yes.

There are a number of time-memory trade-offs which may be used for cracking multiple hashes. For instance, the minimum memory trade-off runs the entire dictionary against each hash. The minimum-time version precomputes the hashes of each word in the dictionary and stores the result. Thereafter cracking a hashed password is a simple table look-up. Finding out what the term "rainbow table" means will teach you something about a particularly important intermediate case.

Paul
Old 2012-06-07, 13:25   #8
voidme

How can I get access to the file so I can check if my password is in there? I'm changing it anyway, but I wish to be certain.

Old 2012-06-07, 13:37   #9
voidme

I found a site to check

http://leakedin.org/

Use at your own risk

http://www.siliconrepublic.com/new-m...claims-to-let/

Old 2012-06-07, 13:38   #10
rcv

Be careful not to blame Rainbow Tables. They are just a tool, as GNFS is just a tool. Attacks based on the ideas of Rainbow Tables have been known for at least 30 years.

Defending against Rainbow Tables is trivially accomplished by use of a well-salted hash. There's really no excuse LinkedIn didn't salt the password hashes.

BTW, an enterprising group has placed a tool online to let you check if your password has been exposed. Check out leakedin.org.

DON'T SUPPLY YOUR OWN PASSWORD OR YOUR OWN PASSWORD HASH. The (unsalted) hashed password will be sent unencrypted via the Internet, and the Web Site at the other end, if they are nefarious, has the option of keeping your password hash.

However, to see the scope of the released passwords, you can try entering dictionary words. Or try the names of your favorite contributors from these forums. 6.5 million is a lot of passwords, and LinkedIn users evidently pick some pretty awful passwords.
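An added example (not from either post) that makes Paul's time-memory trade-off in #7 and rcv's salting point in #10 concrete: the unsalted table is hashed once and then serves every leaked hash by look-up, whereas a per-user salt sends the work back to a full dictionary pass per user. The five-word dictionary and the SHA-1(salt || password) scheme are constructed for the example, not LinkedIn's.

```python
import hashlib

# Constructed mini "dictionary" for the example, not a real wordlist.
DICTIONARY = ["password", "123456", "linkedin", "letmein", "qwerty"]


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # Hypothetical salted scheme: SHA-1(salt || password), salt unique per user.
    return sha1_hex(salt + password.encode())


def lookup_unsalted(leaked_hashes, words):
    """Minimum-time trade-off: hash the dictionary once, then each leaked
    hash costs one table look-up. Returns (recovered, hash_computations)."""
    table = {sha1_hex(w.encode()): w for w in words}
    recovered = {h: table[h] for h in leaked_hashes if h in table}
    return recovered, len(words)


def lookup_salted(records, words):
    """With a per-user salt the precomputed table is useless: every
    (salt, hash) record forces a fresh pass over the dictionary, so the
    work multiplies by the number of users. Returns (recovered, hash_computations)."""
    recovered = {}
    computations = 0
    for salt, h in records:
        for w in words:
            computations += 1
            if salted_hash(w, salt) == h:
                recovered[h] = w
    return recovered, computations
```

The second return value is the count of hash computations; compare it across the two functions to see the cost a salt imposes on anyone holding a dump of hashes.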
Old 2012-06-07, 13:42   #11
voidme

http://security.stackexchange.com/qu...e-leakedin-org

https://lastpass.com/linkedin/
"If you do want to check on the status of your linkedin password, I'd be more inclined to use the checker at lastpass. They've got a reputation in the security field to protect and also their page is using SSL, so less risk of your password being leaked."
