Sheila Scarborough via Flickr/Creative Commons

Almost 6.5 million LinkedIn passwords apparently leaked online

A hacker in Russia claims to have gained access to millions of passwords and is seeking help in removing the encryption.

LINKEDIN HAS TWEETED to say it’s investigating reports that millions of its users’ passwords have been stolen and posted online.

A Russian hacker has posted on an internet forum, claiming to have stolen 6.46 million passwords in an easily-solved ‘hashed’ form.

The Verge reports that while the hacker’s claims have yet to be verified, it looks likely that both usernames and passwords may have been downloaded, and several users said that they found their real passwords contained in the information posted online.

It’s also reported that the hacker has sought the help of others in revealing the passwords.

According to CNET, this news comes soon after security researchers said that LinkedIn has been collecting information via its app – calendar entries, passwords and meeting notes – without the users’ knowledge.

LinkedIn has responded to the claims, stating that it does not store calendar information on its servers, and that meeting notes data will no longer be sent to its servers.

LinkedIn has also said that it asks users’ permission before accessing their calendar, and that this will continue to be an opt-in feature.

28 Comments
    Chris lynch
    Jun 6th 2012, 4:02 PM

    Where can I find this list – I forget my password

    62
    PunchUinFACE
    Jun 6th 2012, 5:27 PM

    I have it, I have your email too, I will send it on to you, along with an offer I have 10 million stuck in a bank in Nigeria, I just need your bank a/c number and u can keep half!!! Quick b4 somebody else volunteers

    36
    Seán Ó Briain
    Jun 6th 2012, 3:24 PM

    I changed my password to sexygirl1234 – They’ll never guess it now!

    62
    Damocles
    Jun 6th 2012, 3:26 PM

    I changed my password and I’m not going to say what I changed it to … cunning huh?

    38
    Seán Ó Briain
    Jun 6th 2012, 3:27 PM

    Is it sexygirl1234?

    74
    Damocles
    Jun 6th 2012, 3:30 PM

    I’m not saying.

    40
    Barry O'Brien
    Jun 6th 2012, 3:44 PM

    This just reminded me to delete my linkedin account. I haven’t even logged in in years.

    35
    john mack
    Jun 6th 2012, 10:46 PM

    ahhh but I bet that you still get linkin requests every other day informing you that all your friends have changed information or would you like to add….

    4
    Kevin O' Brien
    Jun 6th 2012, 3:27 PM

    All I want to know is why did he bother? He must really have nothing to do with his time and probable talent….

    28
    Mick
    Jun 6th 2012, 3:34 PM

    Some men just want to watch the world burn :)

    48
    Barry O'Brien
    Jun 6th 2012, 3:47 PM

    If him and crackers like him didn’t bother then companies wouldn’t bother putting any effort into securing your data. If this raises awareness then it’s a good thing.

    32
    David Kennedy
    Jun 6th 2012, 6:53 PM

    A semi targeted list of that size would be pretty valuable on the black market. It could generate in the order of $100,000... Providing you had enough bandwidth, proxies, and processing power!

    3
    Stray Mutt
    Jun 6th 2012, 11:42 PM

    Cyber crime is an issue urgently needing attention.

    6
    Robert Kelly
    Jun 6th 2012, 4:42 PM

    Nobody has anything to worry about. They’re hashed in SHA-1 which is not easily breakable or even worth your time for a linkedin account. Even if you find a collision it takes 80,000 CPU hours and there are still 2^51 possibilities… I would advise the journal to remove the part in the article where it says they’re “easily solved”.

    18
    Matthew Gleeson
    Jun 6th 2012, 5:06 PM

    Hon Rob!

    8
    Fulano de Tal
    Jun 6th 2012, 6:43 PM

    80k CPU hours? OMG!
    What cpu are you talking about? the one in my watch? or a standard machine?
    How can you have such an exact number of hours, when every CPU and every hash is different?
    or how about the combined resources of a 100k+ seat botnet? (this type of task is easily enough bought on the very same russian forum where the list first went public)

    Secondly, you can compare the list of hashes to a list of already cracked hashes-> password table.
    In other words, if your password was “password1”, that info can be easily gotten from the table that was posted.

    You sound like a computer science student who knows the theory but not the practical use.
    “nothing to worry about”, well… actually yes, many people do have something to worry about if they had used an insecure password that the attackers already know the hash to.

    11
    Robert Kelly
    Jun 6th 2012, 7:05 PM

    @Fulano
    I think it said average dual core CPUs. Well you can say that if you say “average” :P

    Well it took a super computer something like 13 hours to crack one password. These people are after a linkedin password which mightn’t necessarily be the same as people’s other account password. It seems like a waste of time to me. I think he’s simply showing off that he can get the passwords in the first place.

    Ah don’t worry, I know about rainbow tables. I used them once for a college project, or at least something along the lines of them. You are right though that you’ll get the “password1” people with them very quickly but anyone who put any effort into their password will be VERY hard to get.

    5
    Ian Breslin
    Jun 6th 2012, 7:08 PM

    Fulano is absolutely right. What this article is implying is that the data stored was unsalted and that a simple rainbow table lookup would sort out the problem. The only issue is generating said rainbow table, that’s where the botnet comes into play. It’s child’s play when you know what you’re doing.

    2
    B Collins
    Jun 6th 2012, 11:18 PM

    Some fairly reputable companies disagree with you on SHA-1 and suggest moving to SHA-256.
    http://blogs.cisco.com/security/next-generation-encryption/

    1
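
The storage question argued over in the replies above (whether unsalted hashes can be matched against a precomputed password-to-hash table), as an added example that is not part of the original article or its comments. The sample users, the wordlist, the iteration count and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to pick the same weak password.
USERS = {"alice": "password1", "bob": "password1", "carol": "correct-horse-battery-77"}
# Constructed stand-in for a precomputed list of common passwords.
COMMON = ["123456", "password1", "linkedin"]
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_sha1(password):
    """Storage scheme the comments describe: a bare SHA-1 of the password."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_pbkdf2(password, salt=None):
    """Hardened alternative: per-user random salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_pbkdf2(password, salt)[1], digest)


def exposed_by_lookup(stored, table):
    """Users whose stored value appears in a precomputed hash -> password table."""
    return sorted(user for user, value in stored.items() if value in table)


def audit():
    table = {unsalted_sha1(p): p for p in COMMON}  # built once, reused for every user
    weak = {u: unsalted_sha1(p) for u, p in USERS.items()}
    strong = {u: salted_pbkdf2(p) for u, p in USERS.items()}
    return {
        "unsalted_exposed": exposed_by_lookup(weak, table),
        "unsalted_same_for_same_password": weak["alice"] == weak["bob"],
        "salted_exposed": exposed_by_lookup({u: d.hex() for u, (_, d) in strong.items()}, table),
        "salted_differs_for_same_password": strong["alice"][1] != strong["bob"][1],
        "salted_still_verifies": verify("password1", *strong["alice"]),
    }


if __name__ == "__main__":
    for check, result in audit().items():
        print(check, result)
```

With a per-user salt, one precomputed table no longer covers every account, and the iteration count makes each individual guess expensive; a password that is not in any wordlist is not exposed by lookup under either scheme.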
    Patrick Slattery
    Jun 6th 2012, 4:15 PM

    They got the hashes aka the encrypted form of the password. It takes time & effort to decode them. Just change your password if you feel it’s not strong enough.

    10
    Lamb
    Jun 6th 2012, 5:52 PM

    Haven’t seen this in other news yet. Thanks for the heads up Emer

    3
    random
    Jun 6th 2012, 4:49 PM

    At least the passwords were hashed. A lot of companies don’t bother. I assume they are also salted or he would probably not need help cracking them. That’s about as secure a form as you can store a password in while still having it be useful, so kudos to linkedin on that. Obviously, not so good that they lost their user database…

    3
    Matthew Gleeson
    Jun 6th 2012, 5:07 PM

    they were unsalted… like a poor man’s chips.

    14
    Seán Ó Briain
    Jun 6th 2012, 5:09 PM

    Just saw this post on twitter from someone whose password was compromised – not looking very good :(

    “The leaked LinkedIn hash data contains a hash that matches my (now former) pw: P2X7\5b7″Q3YB}5 8e9d656b876e16b91a90ab53d94f6b1af010a581″

    3
    random
    Jun 6th 2012, 5:32 PM

    No salting, how ’bout that. Bloody eejits.

    3
    Shane Hickey
    Jun 6th 2012, 4:42 PM

    is say most of them apre paddword1

    1
    Shane Hickey
    Jun 6th 2012, 4:43 PM

    oops password1

    1
    Finbar Walsh
    Jun 6th 2012, 6:19 PM

    No, I’ve taken that one

    11