Reports of 6.5 million LinkedIn password hashes being leaked for certain users went out this Wednesday. Users are both concerned and apprehensive about the fact that whether they are a victim as well.
With the amount of personal and professional information available on this platform, the growing concern led 'LeakedIn
' to emerge. A New York based web developer has come out with a web app 'LeakedIn
The issue in hand is the fact that whether the leaked passwords has been 'cracked' as well. Not all of the hashes in the list have been converted to original passwords yet, but hackers are likely to be working on it. The number of characters in your password would determine the amount of time the 'cracking' would require.
This massive leak of passwords is an effect of LinkedIn using unsalted hashes. Salting is a process that involves inserting random characters into the hash that make it more difficult for people trying a brute-force attack.
LinkedIn on its official blog has responded to the fears mentioning customer security as its primary concern and stating that all the users whose passwords have been compromised would soon receive an email asking them for a password reset. These emails will not have direct links for password reset, but will include a multi-step process to verify the user. LinkedIn also states that it would now be working on 'salting' its password hashes. This enormous breach has brought extreme disappointment amidst the users.
: You should change your LinkedIn password before
you use LeakedIn and then enter your old
password to see if your password was leaked. We do not recommend sharing your current LinkedIn (or any other) password with any third-party website.