New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
linkedin db on the loose
If you have a linkedin.account, change your password
Comments
damn. Plain text? are they nuts?
Not plaintext - sha-1 hashed, unsalted. Still bruteforceable.
It says:
@netomx this is different issue, not related to the password database leak.
The real issue is not so much the linkedin password per se, but the fact that most people use one or two passwords for everything.
checked the file a few hours ago, my pass wasnt in it. linkedin states it is an old leak.
how can i check that?
sorry, WHERE haha
Oh man that sucks for linkedin (not that i ever use it )
give me your password and I'll check
Something I came across on this:
https://news.ycombinator.com/item?id=4073309
plaint-text? is: iLoVeMysElF2000 hahahaha jk
simple:
download this:
https://disk.yandex.net/disk/public/?hash=pCAcIfV7wxXCL/YPhObEEH5u5PKPlp+muGtgOEptAS4=
sha1 hash your password
check if its on the list
$$$ PROFIT
Well the hack is partial, happened before last November, or a backup from then was leaked. I signed up then, and my password ain't in there.
Linkedin asks you to give them your email address and password, so they can search your contact list. I wonder how safe that is... not that i would even consider giving them my email password.
404'd
My password isnt there, in either SHA1 hash or my legit password (that's different to everything else, anyhow), I used http://leakedin.org/ to check mine. Might be useful.
That looks like a hacker's crowdsourcing effort.
I'm sure the weakest of the bunch who thinks having illegal dbs makes them cool will post it here and the mods will shrug it off like last time.
Anyway from what i've read on a tech site it appears it was only passes, not user names as well.
Yeah mine was not on that list either, changed anyways. Anyone have a older account 2+ years that had their password in it?
Well my password isn't in it. Granted they are given to that site now! But my LinkedIn was one of the last places the old "single password" was used. I think I've pretty much got them all now.
Confirmed...
Looks like not all passwords were "leaked"
http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/
http://blog.linkedin.com/2012/06/06/updating-your-password-on-linkedin-and-other-account-security-best-practices/
if somebody needs a file mirror, PM me
In my opinion, the potential good that can come from posting it far outweighs the potential bad that can come from it. Anyone with bad intentions for it would already have it or know where to get it from.
I got a copy myself. 123.9MB
combo_not.txt
http://pastebin.com/KF2b84XP
You could just run that
Nicely done :-)