LinkedIn Password Hashes Leaked Online
jones_supa writes "A user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details. The user uploaded 6,458,020 SHA-1 hashed passwords, but no usernames. Several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. The Verge spoke with Mikko Hyppönen, Chief Research Officer at F-Secure, who thinks this is a real collection. He told us he is 'guessing it's some sort of exploit on their web interface, but there's no way to know.' We will have to wait for LinkedIn to report back to be sure what exactly has happened."
An anonymous reader tipped us to related news: The LinkedIn iOS application harvests information from your calendar and transmits it to their servers unencrypted.
It's not an exploit, it's a feature! (Score:5, Funny)
Plain text (Score:5, Funny)
This sort of vulnerability is exactly why I avoid storing passwords in hash form. I always store passwords in plain text form. It's much more secure.
Good! (Score:5, Funny)
Re:Plain text (Score:5, Funny)
This sort of vulnerability is exactly why I avoid storing passwords in hash form. I always store passwords in plain text form. It's much more secure.
Y'know what fools the black-hats every time? Store the passwords in plaintext; but require all users to create a password consisting of exactly 64 hexadecimal characters... Even better, we all know that users hate security, so more user hatred = more secure. And this system is Super Secure.
Re:Could someone please look up my password for me (Score:5, Funny)
Try the following password: 12345
Sincerely Boris
A New Euphemism! (Score:5, Funny)
"Harvested" -- I love it!
"Bernie Madoff harvested money from his investors."
"H.I. harvested diapers from the convenience store."
"LinkedIn harvested private data from my phone."
They're doing you a favor by "harvesting". Because it's not doing anyone any good if it remains "unharvested".
Re:Plain text (Score:5, Funny)
Won't work, local policy prevents repeated numbers, and letters must be a mix of upper and lower case, and no sequential numbers. (I only wish I were kidding)
Re:Could someone please look up my password for me (Score:5, Funny)
Thank you Boris, but that is my luggage combination, not my LinkedIn password.
Admittedly my luggage is more important to me than my LinkedIn account, but...
Re:Could someone please look up my password for me (Score:5, Funny)
I can clearly see that it's hunter2.
Re:Plain text (Score:3, Funny)
The password "Password" is not allowed, but "pissword" is because it contains a number!
Re:Plain text (Score:5, Funny)