On June 6, 2012, a user with the alias 'dwdm' posted a message to the InsidePro forum at http://forum.insidepro.com/viewtopic.php?p=96122 (thread removed) asking other users for help cracking over 6.4 million passwords from LinkedIn. The passwords were hashed with unsalted SHA1. The password list uploaded by the original poster at https://disk.yandex.net/disk/public/?hash=pCAcIfV7wxXCL/YPhObEEH5u5PKPlp%2BmuGtgOEptAS4%3D is no longer available. However, copies of the list have been uploaded to several file sharing sites. Over 3.5 million of those hashes were found to begin with the prefix '00000'. Several sources were quick to realize those hashes may have been cracked by the original poster. One of those sources was among the earliest news postings about the leak, at https://news.ycombinator.com/item?id=4073309. LinkedIn has already published a blog post at http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/ acknowledging the leak.
For a site ranked #12 in the world (see http://www.alexa.com/siteinfo/linkedin.com), one has to wonder why LinkedIn did not use a better hashing algorithm or at least apply a salt to each of the hashes. Although this is just a list of hashed passwords, it is also likely that the original poster has obtained a copy of the associated usernames/emails. We have published the list of the leaked SHA1 hashes in the table below. Although we do not show the cracked passwords in cleartext, it is worth noting that close to 70% of the 6.4 million hashes were cracked in under 24 hours, as reported by https://twitter.com/CrackMeIfYouCan/status/210741592909287424. In other words, if you are on LinkedIn, you should change your password immediately to something strong and unique to that site only.
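The following is an added example, not code from the original page or from LinkedIn. It checks a password against a list of unsalted SHA1 hashes, including entries carrying the '00000' prefix, and contrasts that with a per-user salted, slow hash. It assumes, as was widely reported for this dump, that '00000' entries have only their first five hex digits overwritten; the function names, the sample passwords, and the PBKDF2 iteration count are illustrative choices.

```python
import hashlib
import hmac
import os
from typing import Optional, Set, Tuple

def sha1_hex(password: str) -> str:
    """Unsalted SHA1, as described for the leaked list: same password, same hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def leak_status(password: str, leaked: Set[str]) -> str:
    """Classify one password against a set of lowercase hex SHA1 entries."""
    digest = sha1_hex(password)
    if digest in leaked:
        return "listed"
    # Assumption: a '00000' entry keeps the last 35 hex digits of the real hash.
    if "00000" + digest[5:] in leaked:
        return "listed-masked"
    return "not-listed"

def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256 from the stdlib)."""
    salt = os.urandom(16) if salt is None else salt
    # 200_000 iterations is an example value, not a figure from the page.
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, key

def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], key)

# Constructed sample list (not real leak data): one plain entry, one masked entry.
_masked = "00000" + sha1_hex("constructed-pass-2")[5:]
CONSTRUCTED_LEAK = {sha1_hex("constructed-pass-1"), _masked}

if __name__ == "__main__":
    for candidate in ("constructed-pass-1", "constructed-pass-2", "not-in-list"):
        print(candidate, "->", leak_status(candidate, CONSTRUCTED_LEAK))
    # Two users with the same password: identical unsalted hashes,
    # but different stored values once a per-user salt is applied.
    a = salted_record("constructed-pass-1")
    b = salted_record("constructed-pass-1")
    print("unsalted equal:", sha1_hex("constructed-pass-1") == sha1_hex("constructed-pass-1"))
    print("salted equal:  ", a[1] == b[1])
```

Because the unsalted hash of a given password is the same for every account, a single precomputed digest matches every user who chose it; the salted records differ per user even for identical passwords.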
|ID||Email / Username||Password (SHA1 hash)|