6.5 Million LinkedIn Passwords Get Leaked

If you are a LinkedIn user, which you most probably are, go to your LinkedIn account right away and change your password. Even better, if you have a habit of using similar passwords across a number of websites, change your password on all of those websites.

This is because the passwords of over 6.5 million LinkedIn users were dumped (or made available in zipped format) onto a Russian hacking forum.

It has yet to be ascertained whether the hacker was able to retrieve the email addresses corresponding to these passwords as well, or got hold of the passwords only.

LinkedIn has confirmed the security breach. It said in a blog post:

We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts.

If you want to check whether your password was leaked, head to this URL: http://www.leakedin.org/ and type your password. This website will compare your password with the leaked passwords and tell you whether it is among them.

LinkedIn, a social networking website for professionals, has over 150 million registered users, suggesting that this security breach could have impacted at least 10 percent of the total LinkedIn user base.

  • The files only included passwords and not corresponding email addresses, which means that people who download the files and unscramble the passwords will not easily be able to access any accounts with compromised passwords.

    • This is not confirmed as yet! They say they are not sure about leaking of email addresses / user names.

      So it's better to change the password if it's in the leaked ones!

  • The above-mentioned URL is not looking appropriate to me, as how can I be sure that the same password is not being used by someone else!

  • I have the same concerns. What is the authenticity of this link? What if passwords entered are also getting dumped by hackers?

  • I analyzed the source code of the provided website and it’s pretty safe. It’s hashed using sha-1 (which cannot be decrypted per se, only brute forced) and then submitted to server to find a match in the prehashed leaked passwords list. Your plain password is NOT sent to the server.

    Note that the database that was leaked contained hashed passwords which have to be cracked individually using brute force or rainbow tables (more likely GPU brute force).

    Either way, the leakedin site is safe.

    • Yes, I checked and it only transmits the SHA-1 hash, BUT if stolen hashed passwords can be cracked then what makes you think that the password hash sent by this leakedin.org cannot be cracked :-)
      I think it is NOT safe to share your password in any form (hashed or raw) with anyone. If password hashes are leaked then it's better to change your password.

  • It's better to change the password, or else we should wait for them to change it for us :D

  • It is very unfortunate that in today's digital world our personal information is leaked out.
    Should we stop providing our information to all sites?
    What is the solution for all such cases?
    So alarming situation for us.

  • Guys! Think before you do.. Who owns this site “http://www.leakedin.org/”?? Definitely not LinkedIn!

    Don’t enter your password there. They don’t know your password yet but they will when you try to check it there.
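The check the comments above describe (SHA-1 the password, then look for that hash in the leaked list) can be run entirely on your own machine, so that neither the password nor its hash is sent to a third party. The following is an added example, not code from leakedin.org or from the original post; the one-hash-per-line file format, the function names and the zeroed-prefix matching are assumptions, and the sample hashes are constructed.

```python
import hashlib
import io

MASKED_PREFIX = "00000"  # assumption: some dump entries have leading hex digits zeroed


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def check_password(password: str, hash_lines, allow_masked: bool = True) -> str:
    """Return 'exact', 'masked' or 'absent' for the password against an
    iterable of lines holding one 40-hex-digit SHA-1 each.

    Lines are streamed, so a multi-million-line file is never loaded whole,
    and nothing leaves this process.
    """
    target = sha1_hex(password)
    masked_target = MASKED_PREFIX + target[len(MASKED_PREFIX):]
    found_masked = False
    for raw in hash_lines:
        candidate = raw.strip().lower()
        if len(candidate) != 40:
            continue  # skip blank or malformed lines
        if candidate == target:
            return "exact"
        if allow_masked and candidate == masked_target:
            found_masked = True  # keep scanning in case an exact entry follows
    return "masked" if found_masked else "absent"


# Constructed sample standing in for a local copy of the hash list.
SAMPLE_DUMP = io.StringIO("\n".join([
    sha1_hex("linkedin2012"),
    MASKED_PREFIX + sha1_hex("password1")[5:],
    "not-a-hash",
    sha1_hex("correct horse").upper(),
]) + "\n")


def demo():
    results = {}
    for pw in ("linkedin2012", "password1", "correct horse", "S0me-Unique-Phrase"):
        SAMPLE_DUMP.seek(0)
        results[pw] = check_password(pw, SAMPLE_DUMP)
    return results


if __name__ == "__main__":
    for pw, verdict in demo().items():
        print(f"{verdict:7} {pw!r}")
```

Against a real file, pass the open file object as `hash_lines` and read the password with `getpass.getpass()` so it does not land in shell history. A match only shows that the password appears in the list, not which account it belonged to.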
