6.5M LinkedIn Passwords Hacked, Posted Online

Wednesday 6 June 2012


Social network LinkedIn has suffered a major breach of its password database, security professionals say. A file containing 6.5 million unique hashed passwords appeared in an online forum based in Russia. More than 200,000 of these passwords have reportedly been cracked so far. The file only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data, security researchers say. However, the breach is so serious that security professionals are advising people to change their LinkedIn passwords immediately.

It's unknown at this point how the file ended up on a public forum or exactly which site the passwords originate from; however, signs indicate this is indeed a breach of LinkedIn. Many of the cracked passwords that have been published to the forum have the common term “LinkedIn” in them, Per Thorsheim, a security advisor based in Norway, told PCWorld, while terms such as Facebook, Twitter and other common online networks are almost nonexistent. Thorsheim was one of the first security researchers to discover the leaked password file.

What's a Hash?
SHA-1 is an algorithm that converts your password into a unique set of numbers and letters, called a hash. If your password is “LinkedIn1234,” for example, the SHA-1 hex output should always be “abf26a4849e5d97882fcdce5757ae6028281192a.” As you can see, that is problematic: because the same password always produces the same output, anyone who knows the passwords were hashed with SHA-1 can quickly uncover some of the more basic passwords that people commonly use. Often, random bits are added to the password before hashing (a practice known as salting) so that the output is harder to guess. But that does not appear to be the case with these leaked passwords.

What's also troubling security researchers is that the password database contains entirely unique passwords. It's unclear whether the people who leaked the password file have more passwords that have not surfaced online. The file may, for example, be an attempt to crowdsource the hacking of some of the more difficult passwords. It's also unknown if the suspected attackers have user names or other data tying these passwords to actual users.
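The difference between the unsalted SHA-1 storage described above and salted storage, as an added example that is not from the original article or from LinkedIn: two accounts sharing a password collapse to one digest without a salt (which is why a dump can consist of entirely unique hashes), while per-user salts keep the stored records distinct. The account names, passwords, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample accounts (not taken from the leaked file); two share a password.
ACCOUNTS = {
    "alice": "LinkedIn1234",
    "bob": "LinkedIn1234",
    "carol": "correct horse battery staple",
}
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune per deployment


def unsalted_sha1(password: str) -> str:
    """The weak scheme the article describes: a bare, deterministic SHA-1 digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted, deliberately slow hash: PBKDF2-HMAC-SHA256 with a 16-byte random salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def unique_unsalted(accounts: dict[str, str]) -> set[str]:
    """Identical passwords yield identical digests, so duplicates disappear."""
    return {unsalted_sha1(pw) for pw in accounts.values()}


def salted_records(accounts: dict[str, str]) -> dict[str, tuple[bytes, bytes]]:
    """Per-user (salt, digest) records; shared passwords no longer look alike."""
    return {user: hash_password(pw) for user, pw in accounts.items()}


if __name__ == "__main__":
    records = salted_records(ACCOUNTS)
    print("accounts:", len(ACCOUNTS))
    print("unique unsalted digests:", len(unique_unsalted(ACCOUNTS)))
    print("unique salted digests:", len({d for _, d in records.values()}))
    print("alice verifies:", verify_password("LinkedIn1234", *records["alice"]))
```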

Source: http://www.pcworld.com/article/257045/65m_linkedin_passwords_posted_online_after_apparent_hack.html

1 comment:

  1. At first, I did not believe that LinkedIn was hacked, until many bloggers posted something about this. Now we are in deep trouble.

    By: www.rickyzurvassocialmedia.com.au
