"To the best of our knowledge, no email logins associated with the passwords have been published, nor have we received any verified reports of unauthorized access to any member’s account as a result of this event." Why LinkedIn omitted this important fact evades me. This means more than 60 percent of the passwords had been decrypted. Security firm Sophos later said the leaked cache listed 5.8 million unique passwords with 3.5 million already cracked.
#Linkedin leaked passwords list cracked
But SHA-1 requires 'salt' to boost security, and 'unsalted' passwords can be cracked with relative ease using look-up tables or brute-force tools. In LinkedIn's case, SHA-1 was used to hash the passwords.
Most of these were weak - "password" and "123456" among others.Īs CNET's Elinor Mills explains, the passwords were not stored in plain text, but were "hashed". Most of the passwords on the list appear to remain hashed and hard to decode, but unfortunately a small subset of the hashed passwords was decoded and published."įrom almost the word go, more than 300,000 passwords had been cracked.
"Yesterday we learned that approximately 6.5 million hashed LinkedIn passwords were posted on a hacker site. The 'professional' social network said a lot of things in its company blog post, but crucially left out vital details. As one of my colleagues put it, the blog post itself is "bizarrely" written. Henke is listed as being responsible for "p roduction operations, IT, data systems, and security."īut there appears to be no person at the top of the chain of command who is leading the risk management or information security strategy. "We don't currently have executives with those specific titles, but Kevin Scott, senior vice president, engineering, and David Henke, senior vice president, operations, oversee the functions," a LinkedIn spokesperson told InfoRiskToday's Eric Chabrow.Ĭhabrow notes Scott's and Henke's resumes are "impressive" and appear "well-versed." They have to be. Perhaps if LinkedIn had a chief information officer (CIO), or a chief information security officer (CISO), it may have done? The company could have foreseen a security issue. It's believed the passwords were hashed but measures were not taken to bolster the algorithm's security - a process known as 'salting'. LinkedIn has taken to its company blog to explain what it is doing to mitigate a data breach that led to 6.46 million account passwords leaking online. Ukrainian developers share stories from the war zone The best Wi-Fi router for your home office 3G shutdown is underway: Check your devices now
0 kommentar(er)
