[Password Leak] LinkedIn database hacked


Nefario:
GLBSE uses BCrypt + salt

Stephen Gornick:
Quote

So far 3,427,202 passwords have cracked from LinkedIn List. Almost 50%. It's been about 24 hours - The longest? a 29 letter sentence from Bible

 - https://twitter.com/CrackMeIfYouCan/status/210474428407103490

So, the "username" (LinkedIn doesn't use usernames, so that's e-mail address) hasn't been leaked. So 3.4 million email passwords, maybe a quarter (more, I'd bet) used the same password as their email, and PayPal. So presuming a party with malicious intent has control of close to a million valid email accounts and passwords.

So from there, I'm guessing access to the email accounts gives "forgot password" capability to bank accounts. Most of those will be slowed by a "mother's maiden name" multifactor security question, ... but there's probably thousands (or tens of thousands) of bank accounts that will get compromised as a result of this. PayPal, without having a security question hurdle even more. Dwolla uses a PIN #, ... hopefully not a whole lot of people used 4321 or 9999 PIN codes for that.

Aye, ... this could be painful.

justusranvier:
Quote from: Stephen Gornick on June 06, 2012, 11:48:55 PM

Quote

So far 3,427,202 passwords have cracked from LinkedIn List. Almost 50%. It's been about 24 hours - The longest? a 29 letter sentence from Bible

 - https://twitter.com/CrackMeIfYouCan/status/210474428407103490

So, the "username" (LinkedIn doesn't use usernames, so that's e-mail address) hasn't been leaked. So 3.4 million email passwords, maybe a quarter (more, I'd bet) used the same password as their email, and PayPal. So presuming a party with malicious intent has control of close to a million valid email accounts and passwords.

So from there, I'm guessing access to the email accounts gives "forgot password" capability to bank accounts. Most of those will be slowed by a "mother's maiden name" multifactor security question, ... but there's probably thousands (or tens of thousands) of bank accounts that will get compromised as a result of this. PayPal, without having a security question hurdle even more. Dwolla uses a PIN #, ... hopefully not a whole lot of people used 4321 or 9999 PIN codes for that.

Aye, ... this could be painful.

I'm disappointed. According to LeakedIn my password is not part of the leak. It would have been interesting to see if anyone managed to crack my old password: h0NOl&tHgNr7ePTiayf7

BrightAnarchist:
This pisses me off. Really, I mean really?? I thought LinkedIn was supposed to be professional. Every newb knows that you always want some salt with your hash (and maybe some eggs too). Otherwise it's bland and tasteless.
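
Why the missing salt matters, as an added example that is not part of any post in this thread: with a fast unsalted hash, accounts that share a password share a digest, while a per-user salt and a slow KDF make every stored record distinct. Assumptions: SHA-1 stands in for the unsalted hash (the thread does not name the algorithm), PBKDF2 from Python's standard library stands in for bcrypt, and the accounts are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from any real leak).
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "c0rrect-horse"}


def unsalted(password):
    """Fast, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_record(password, iterations=100_000):
    """Per-user random salt plus a slow KDF (PBKDF2 standing in for bcrypt)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)


def shared_digests(digests):
    """Number of distinct digests that are stored for more than one account."""
    counts = Counter(digests)
    return sum(1 for n in counts.values() if n > 1)


def build_stores():
    """Build the same user table twice: unsalted and salted."""
    weak = {user: unsalted(pw) for user, pw in USERS.items()}
    strong = {user: salted_record(pw) for user, pw in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_stores()
    print("unsalted: digests shared across accounts =",
          shared_digests(weak.values()))
    print("salted:   digests shared across accounts =",
          shared_digests(rec[2] for rec in strong.values()))
    print("login still works with salt:", verify("sunshine1", strong["alice"]))
```

In the unsalted table one computed guess is checked against every account at once; in the salted table each account has to be worked on separately, and the KDF's iteration count makes each attempt slow.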

BCB:
Check this out.
http://shiflett.org/blog/2012/jun/leakedin
Link to Chris Shiflett's blog and another link to "Leakedin"
Their leaked password checker.

Happy Hunting....
