Up to 6.5 Million LinkedIn Passwords Leaked Online

The professional social network LinkedIn is not having a good day today. On top of reports that the LinkedIn iOS app potentially violates user privacy by sending detailed calendar entries to its servers comes a report that up to 6.46 million hashed passwords have leaked online.

As proof, a Russian forum user uploaded 6,458,020 hashed passwords, without the usernames, and claimed to have hacked LinkedIn.

The passwords are hashed with the SHA-1 cryptographic hash function, which is used in SSL and TLS and is generally considered to be relatively secure, but not foolproof. Unfortunately, it also seems that the passwords are stored as unsalted hashes, which makes it much easier to recover them using pre-computed rainbow tables.
In simple terms, this means an attacker might be able to crack many of the passwords using very cheap resources in a relatively short amount of time.
While there’s a possibility that the password collection is not genuine, some reports on Twitter add credibility to the story. LinkedIn said on Twitter it’s looking into the issue.

If you’re a LinkedIn user, we recommend you change your password right now. Furthermore, if you used that password on any other online service, we recommend you change those passwords as well.
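
The difference between the unsalted SHA-1 storage described above and a salted, deliberately slow scheme, shown as an added example that is not from the original article or from LinkedIn. The account names, passwords and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users picked the same password.
SAMPLE_USERS = {"alice": "linkedin2012", "bob": "linkedin2012",
                "carol": "S3parate!phrase"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def unsalted_sha1(password):
    """Scheme described in the article: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Hardened scheme: random per-user salt plus a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


def accounts_sharing_a_value(stored):
    """Count accounts whose stored value equals another account's."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


if __name__ == "__main__":
    weak = {u: unsalted_sha1(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    # Unsalted: equal passwords give equal digests, so one precomputed
    # table entry resolves every account that chose that password.
    print("unsalted SHA-1 collisions:", accounts_sharing_a_value(weak))
    # Salted: each record is unique and must be attacked on its own.
    print("salted PBKDF2 collisions:", accounts_sharing_a_value(strong))
```

Store the salt next to the digest for each account; it is not secret, it only has to be unique per record.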
