[Password Leak] LinkedIn database hacked
realnowhereman:
Quote from: i_rape_bitcoins on June 06, 2012, 08:07:39 PM
"Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check."
browser hashes password -----sends to server-----> server replies if hash matches.
Oh that's okay then... as long as it says "we're honest" on the website, it must be fine.
mcorlett:
Quote from: realnowhereman on June 06, 2012, 08:11:25 PM
Quote from: i_rape_bitcoins on June 06, 2012, 08:07:39 PM
"Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check."
browser hashes password -----sends to server-----> server replies if hash matches.
Oh that's okay then... as long as it says "we're honest" on the website, it must be fine.
The source is available for anyone to read.
epetroel:
I expect that they didn't get all user's passwords.
I downloaded the leaked text file and verified that the hash of my password was NOT in there. Checked the hash of another friend from work here, and his wasn't either. So either they didn't get all the passwords, they got all the passwords but didn't release all of them, or the list is a fake. Probably one of the first two (i doubt it's a fake)
EDIT: Also, usernames were not included in the file. So either they don't have the usernames to go with the passwords or more likely they have them but just didn't release them. Probably just waiting to sell the username+password hash list to the highest bidder.
Serge:
they got 6.5mil out of 150million users
epetroel:
Quote from: Serge on June 06, 2012, 08:48:49 PM
they got 6.5mil out of 150million users
Well, there were 6.5 million distinct passwords. Considering many users pick the same bad passwords, that very likely represents a lot more than 6.5 million users.
Navigation
[0] Message Index
[#] Next page
[*] Previous page