Wednesday, June 6, 2012

Passwords of 6.5 million LinkedIn users leaked

If you have an account on LinkedIn, this is a good time to change your password. A user of a Russian forum claims to have gained access to millions of passwords belonging to users of the social network.


To prove the feat, the user posted a file on the internet containing exactly 6458020 hashed passwords, but without the corresponding user names. Today is not a good day for the service: the story comes after LinkedIn's iOS application was accused of violating users' privacy.

Because LinkedIn's developers did not store passwords in plaintext in the database, only the password hashes leaked. All are hashed with SHA-1, which makes recovering the passwords more difficult but not impossible, especially for users who habitually choose very common passwords or words found in dictionaries.

The password file could be a fake, as recently happened with Twitter, but reports from users on the Internet lend the claim credibility, as noted by The Verge.

Several of them found the hashes of their own passwords in the file, and some of the passwords point to the word "linkedin", which indicates that the hashes are not random. LinkedIn's team announced that it is investigating the case and checking users' information.

Also today, the security company Skycure Security found that the LinkedIn application sends iOS users' calendar data to the company's servers without permission, including information such as subject, location, notes and schedule. To make matters worse, these details are sent in plain text.

LinkedIn, in turn, said that everything is transmitted over SSL and that it never stores the schedule information.

As with any password leak, the recommendation is to change your LinkedIn password as soon as possible. If you used the same password on other services, it is also important to change it on all of them.
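Users could find their own password in the leaked file because a plain SHA-1 hash is identical for everyone who picks the same password. The following is an added example, not code from LinkedIn or from the original post: it runs that self-check against a constructed sample list and contrasts it with salted PBKDF2 storage. The function names, sample passwords, iteration count and the assumption that the file holds plain SHA-1 hex digests are illustrative.

```python
import hashlib
import hmac
import os


def sha1_hex(password: str) -> str:
    """Plain SHA-1 of the password: fast and identical for every user."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def in_dump(password: str, dump_lines) -> bool:
    """Self-check: is the SHA-1 of my own password listed in the file?"""
    target = sha1_hex(password)
    return any(line.strip().lower() == target for line in dump_lines)


def store_password(password: str, iterations: int = 200_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF.
    The iteration count is an illustrative assumption; tune it for your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


# Constructed sample standing in for a leaked file: one hex digest per line.
SAMPLE_DUMP = [sha1_hex(p) + "\n" for p in ("linkedin", "password1", "summer2012")]

if __name__ == "__main__":
    # Two users with the same password collide under plain SHA-1 ...
    print("same SHA-1 for both users:", sha1_hex("linkedin") == sha1_hex("linkedin"))
    print("found in sample dump:", in_dump("linkedin", SAMPLE_DUMP))
    # ... but their salted PBKDF2 records differ, so a file of such records
    # cannot be searched with a single precomputed hash.
    alice, bob = store_password("linkedin"), store_password("linkedin")
    print("same PBKDF2 digest:", alice[2] == bob[2])
    print("login still verifies:", verify_password("linkedin", alice))
```

To check a real file, pass an open file object as `dump_lines`; run the check offline rather than submitting your password to a website.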