Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
Almost 6.5million LinkedIn passwords apparently leaked online
A hacker in Russia claims to have gained access to millions of passwords and is seeking help in removing the encryption.
3.16pm, 6 Jun 2012
4.6k
28
LINKEDIN HAS TWEETED to say it’s investigating reports that millions of its users’ passwords have been stolen and posted online.
A Russian hacker has posted on an internet forum, claiming to have stolen 6.46 million passwords in an easily-solved ‘hashed’ form.
The Verge reports that while while the hacker’s claims have yet to be verified, it looks likely that both usernames and passwords may have been downloaded, while several users said that they found their real passwords contained in the information posted online.
Advertisement
It’s also reported that the hacker has sought the help of others to help him with revealing the passwords.
According to CNET this news comes soon after security researchers said that LinkedIn has been collecting information via its app – calendar entries, passwords and meeting notes, without the users’ knowledge.
LinkedIn has responded to the claims, stating that it does not store calendar information on its servers, and that meeting notes data will no longer will no longer be sent to its servers.
LinkedIn has also said that it asks users’ permission before accessing their calendar, and that this will continue to be an opt-in feature.
Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article.
Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.
I have it, I have your email too, I will send it on to you, along with a offer I have 10 million stuck in a bank in Nigeria, I just need your bank a/c number and u can keep half!!! Quick b4 somebody else volunteers
ahhh but I bet that you still get linkin requests everyother day informing you that all your friends have changed information or would you like to add….
If him and crackers like him didn’t bother then companies wouldn’t bother putting any effort into securing your data. If this raises awareness then it’s a good thing.
A semi targeted list of that size would be pretty valuable on the black market. It could generate in the order of $100,000 .. Providing you had enough bandwidth , proxies, and processing power!
Nobody has anything to worry about. They’re hashed in SHA-1 which is not easily breakable or even worth your time for a linkedin account. Even if you find a collision it takes 80,000 CPU hours and there are still 2^51 possibilities… I would advise the journal to remove the part in the article where it says they’re “easily solved”.
80k CPU hours? OMG!
What cpu are you talking about? the one in my watch? or a standard machine?
How can you have such an exact number of hours, when every CPU and every hash is different?
or how about the combined resources of a 100k+ seat botnet? (this type of task is easily enough bought on the very same russian forum where the list first went public)
Secondly, you can compare the list of hashes to a list of already cracked hashes-> password table.
In other words, if your password was “password1″, that info can be easily gotten from the table that was posted.
You sound like a computer science student who knows the theory but not the practical use.
“nothing to worry about”, well… actually yes, many people do have something to worry about if they had used an insecure password that the attackers already know the hash to.
@Fulano
I think it said average dual core CPUs. Well you can say that if you say “average” :P
Well it took a super computer something like 13 hours to crack one password. These people are after a linkedin password which mightn’t necessarily by the same as people’s other account password. It seems like a waste of time to me. I think he’s simply showing off that he can get the passwords in the first place.
Ah don’t worry, I know aobut rainbow tables. I used them once for a college project, or at least something along the lines of them. You are right though that you’ll get the “password1″ people with them very quickly but anyone who put any effort into their password will be VERY hard to get.
Fulano is absolutely right. What this article is implying is that the data stored was unsalted and that a simple rainbow table lookup would sort out the problem. The only issue is generating said rainbow table, that’s where the botnet comes into play. Its child’s play when you know what you’re doing.
They got the hashes aka the encrypted form of the password. It takes time & effort to decode them. Just change your password if you feel it’s not strong enough.
At least the passwords were hashed. A lot of companies don’t bother. I assume they are also salted or he would probably not need help cracking them. That’s about as secure a form as you can store a password in while still having it be useful, so kudos to linkedin on that. Obviously, not so good that they lost their user database…
Irish charity shops seeing 'massive influx' of Shein clothes - often never worn
28 mins ago
431
1
PSNI
Man wanted in Germany to stand trial for child sex offences arrested in Portadown
2 hrs ago
4.6k
Cavan
Woman killed in Cavan home named locally, as gardaí launch murder investigation
Updated
15 hrs ago
88.9k
Your Cookies. Your Choice.
Cookies help provide our news service while also enabling the advertising needed to fund this work.
We categorise cookies as Necessary, Performance (used to analyse the site performance) and Targeting (used to target advertising which helps us keep this service free).
We and our 138 partners store and access personal data, like browsing data or unique identifiers, on your device. Selecting Accept All enables tracking technologies to support the purposes shown under we and our partners process data to provide. If trackers are disabled, some content and ads you see may not be as relevant to you. You can resurface this menu to change your choices or withdraw consent at any time by clicking the Cookie Preferences link on the bottom of the webpage .Your choices will have effect within our Website. For more details, refer to our Privacy Policy.
We and our vendors process data for the following purposes:
Use precise geolocation data. Actively scan device characteristics for identification. Store and/or access information on a device. Personalised advertising and content, advertising and content measurement, audience research and services development.
Cookies Preference Centre
We process your data to deliver content or advertisements and measure the delivery of such content or advertisements to extract insights about our website. We share this information with our partners on the basis of consent. You may exercise your right to consent, based on a specific purpose below or at a partner level in the link under each purpose. Some vendors may process your data based on their legitimate interests, which does not require your consent. You cannot object to tracking technologies placed to ensure security, prevent fraud, fix errors, or deliver and present advertising and content, and precise geolocation data and active scanning of device characteristics for identification may be used to support this purpose. This exception does not apply to targeted advertising. These choices will be signaled to our vendors participating in the Transparency and Consent Framework.
Manage Consent Preferences
Necessary Cookies
Always Active
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then these services may not function properly.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not be able to monitor our performance.
Store and/or access information on a device 95 partners can use this purpose
Cookies, device or similar online identifiers (e.g. login-based identifiers, randomly assigned identifiers, network based identifiers) together with other information (e.g. browser type and information, language, screen size, supported technologies etc.) can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here.
Personalised advertising and content, advertising and content measurement, audience research and services development 123 partners can use this purpose
Use limited data to select advertising 93 partners can use this purpose
Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).
Create profiles for personalised advertising 68 partners can use this purpose
Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.
Use profiles to select personalised advertising 67 partners can use this purpose
Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.
Create profiles to personalise content 32 partners can use this purpose
Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.
Use profiles to select personalised content 28 partners can use this purpose
Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.
Measure advertising performance 115 partners can use this purpose
Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.
Measure content performance 56 partners can use this purpose
Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.
Understand audiences through statistics or combinations of data from different sources 67 partners can use this purpose
Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).
Develop and improve services 74 partners can use this purpose
Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.
Use limited data to select content 33 partners can use this purpose
Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).
Use precise geolocation data 39 partners can use this special feature
With your acceptance, your precise location (within a radius of less than 500 metres) may be used in support of the purposes explained in this notice.
Actively scan device characteristics for identification 23 partners can use this special feature
With your acceptance, certain characteristics specific to your device might be requested and used to distinguish it from other devices (such as the installed fonts or plugins, the resolution of your screen) in support of the purposes explained in this notice.
Ensure security, prevent and detect fraud, and fix errors 77 partners can use this special purpose
Always Active
Your data can be used to monitor for and prevent unusual and possibly fraudulent activity (for example, regarding advertising, ad clicks by bots), and ensure systems and processes work properly and securely. It can also be used to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them.
Deliver and present advertising and content 87 partners can use this special purpose
Always Active
Certain information (like an IP address or device capabilities) is used to ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device.
Match and combine data from other data sources 64 partners can use this feature
Always Active
Information about your activity on this service may be matched and combined with other information relating to you and originating from various sources (for instance your activity on a separate online service, your use of a loyalty card in-store, or your answers to a survey), in support of the purposes explained in this notice.
Link different devices 46 partners can use this feature
Always Active
In support of the purposes explained in this notice, your device might be considered as likely linked to other devices that belong to you or your household (for instance because you are logged in to the same service on both your phone and your computer, or because you may use the same Internet connection on both devices).
Identify devices based on information transmitted automatically 75 partners can use this feature
Always Active
Your device might be distinguished from other devices based on information it automatically sends when accessing the Internet (for instance, the IP address of your Internet connection or the type of browser you are using) in support of the purposes exposed in this notice.
Save and communicate privacy choices 54 partners can use this special purpose
Always Active
The choices you make regarding the purposes and entities listed in this notice are saved and made available to those entities in the form of digital signals (such as a string of characters). This is necessary in order to enable both this service and those entities to respect such choices.
have your say