On June 6, 2012, a user with alias 'dwdm' posted a message to InsidePro forum at http://forum.insidepro.com/viewtopic.php?p=96122 (thread removed) to get help from other users to crack over 6.4 million passwords from LinkedIn. The passwords were hashed with unsalted SHA1. The password list uploaded by the original poster at https://disk.yandex.net/disk/public/?hash=pCAcIfV7wxXCL/YPhObEEH5u5PKPlp%2BmuGtgOEptAS4%3D is no longer available. However, a copy of the list has been duplicated to several file sharing sites. Over 3.5 million of those hashes were found to begin with prefix '00000'. Several sources were quick to realize those hashes may have been cracked by the original poster. One of the sources came from one of the earliest news posting regarding the leak at https://news.ycombinator.com/item?id=4073309. LinkedIn has already published a blog post at http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/ to acknowledge the leak.

For a site ranked #12 in the world (see http://www.alexa.com/siteinfo/linkedin.com), one has to wonder why LinkedIn did not use a better hashing algorithm or least apply salt for each of the hashes. Despite this being just a list of hashed passwords, it is also likely the original poster has gotten a copy of the associated usernames/emails. We have published the list of the leaked SHA1 hashes in the table below. Although we do not show the cracked passwords in cleartext, it is worth noting that close to 70% of the 6.4 million hashes have actually been cracked in under 24 hours as per reported by https://twitter.com/CrackMeIfYouCan/status/210741592909287424. In other words, if you are on LinkedIn, you should change your password immediately to something strong and unique to that site only.

You will need the SHA1 value for your password to do a search or you may enter
your password below to get its SHA1 value. The SHA1 value is computed using your
web browser to ensure your password is never transmitted to our server.
e.g. 28a21d8fec78 (for 'suriamanja'); search results are capped at max. 1M records
ID Email / Username Password (SHA1 hash)
A valid search term is required!

© 2015 Dazzlepod   Privacy   Terms

Dazzlepod is in no way associated with individual or group that has originally leaked the information disclosed on this page. This disclosure is brought to the public to allow affected users to be aware of the leak and take the appropriate steps to secure their accounts and personal information.