6.5 Million Encrypted LinkedIn Passwords Leaked Online

It’s not a good day for LinkedIn. Following reports that its iOS app potentially violates user privacy by sending detailed calendar entries to its servers, there is now a report that 6.46 million encrypted LinkedIn passwords have leaked online.

A Russian forum user claims he has hacked LinkedIn, uploading 6,458,020 encrypted passwords (without usernames) as proof.

The passwords are hashed with SHA-1, a cryptographic hash function that is also used in SSL and TLS and is generally considered to be relatively secure, but not foolproof. Unfortunately, it also seems that the passwords are stored as unsalted hashes, which makes it much easier to recover them using pre-computed rainbow tables.

In simple terms, this means an attacker might be able to crack many of the passwords using very cheap resources in a relatively short amount of time.
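The following is an added example, not part of the original article, contrasting the unsalted SHA-1 storage described above with a salted, iterated hash (PBKDF2-HMAC-SHA256). The user names, passwords, candidate list and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def unsalted_sha1(password):
    """Scheme described in the article: bare SHA-1 with no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password, salt=None):
    """Hardened form: a random per-user salt plus an iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def precomputed_hits(stored_hashes, table):
    """Count stored hashes found in a table built before seeing the data."""
    return sum(1 for h in stored_hashes if h in table)

# Constructed sample data (not taken from the leak).
CANDIDATES = ["password1", "linkedin", "letmein"]
USERS = {"alice": "linkedin", "bob": "linkedin", "carol": "Tr0ub4dor&3"}

def demo():
    # One table serves every unsalted database that uses the same hash.
    table = {unsalted_sha1(p) for p in CANDIDATES}
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    return {
        "weak_hits": precomputed_hits(weak.values(), table),
        "weak_duplicates": weak["alice"] == weak["bob"],
        "strong_hits": precomputed_hits(
            (d.hex() for _, d in strong.values()), table),
        "strong_duplicates": strong["alice"][1] == strong["bob"][1],
        "verify_ok": verify_password("linkedin", *strong["alice"]),
        "verify_bad": verify_password("wrong-guess", *strong["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a per-user salt, two users who chose the same password no longer share a stored value, so a table computed in advance matches nothing and each record has to be attacked separately at the cost of the full iteration count.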

While there’s a possibility that the password collection is not genuine, some reports on Twitter add credibility to the story. LinkedIn said on Twitter it’s looking into the issue.

VIA: http://mashable.com/
