LinkedIn password database compromised

Lynda shrdlu at deaddrop.org
Thu Jun 7 01:33:36 UTC 2012


Sorry to be the bearer of such bad tidings. Please note that I'm doing a 
quick copy/paste from a notification I received. I've edited it a bit.

Please note that LinkedIn has weighed in with a carefully worded blog post:

http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/

Further details:
1. The leak took place on June 4.
2. LinkedIn was using unsalted SHA-1 for their password store.
3. FYI, there are two lists. The second one appears to be from eHarmony. 
Unsalted MD5 used there.
4. The posted passwords are believed to be ones the cracker wanted help 
with, i.e., they have significantly more already cracked.

Apparently phishing emails are already active in the wild based on the 
crack:

http://bits.blogs.nytimes.com/2012/06/06/that-was-fast-criminals-exploit-linkedin-breach-for-phishing-attacks/

In other words, if you have a LinkedIn account, expect that the password 
has been stolen. Go change your password now. If you used that password 
elsewhere, you know the routine. In addition, as has been pointed out 
elsewhere, there's no sign LI has fixed the problem. Expect that the 
password you change it to will also be compromised.

:-(

-- 
A picture is worth 10K words -- but only those to describe
the picture.  Hardly any sets of 10K words can be adequately
described with pictures.
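
Added example (not part of the original post, and not LinkedIn's or eHarmony's code): why the unsalted SHA-1 store described in item 2 exposes every user who shares a password, and one way to migrate such records to a salted, iterated format at login. It goes beyond the post by sketching the migration; the function names, the record layout and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib, hmac, os, re
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
LEGACY_SHA1 = re.compile(r"[0-9a-f]{40}")  # bare hex digest, no salt field

def legacy_sha1(password):
    """Unsalted SHA-1, the scheme the post describes: same password, same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Salted record: pbkdf2_sha256$<iterations>$<salt hex>$<key hex>."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def verify(password, record):
    """Check a password against either record format with a constant-time compare."""
    if LEGACY_SHA1.fullmatch(record):
        return hmac.compare_digest(legacy_sha1(password), record)
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2_sha256": raise ValueError(scheme)
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(key, bytes.fromhex(key_hex))
    except (ValueError, OverflowError):  # malformed or unknown record
        return False

def login_and_upgrade(store, user, password):
    """After a successful login on a legacy record, rewrite it as a salted one."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if LEGACY_SHA1.fullmatch(record):
        store[user] = hash_password(password)
    return True

def shared_records(store):
    """Users grouped by identical stored record; a group >1 means a shared password."""
    groups = {}
    for user, record in store.items():
        groups.setdefault(record, []).append(user)
    return {rec: users for rec, users in groups.items() if len(users) > 1}

if __name__ == "__main__":
    store = dict.fromkeys(("alice", "bob"), legacy_sha1("Summer2012!"))  # constructed sample
    print("shared before:", shared_records(store))
    for user in list(store):
        login_and_upgrade(store, user, "Summer2012!")
    print("shared after:", shared_records(store))
```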




