Multiple security experts are now corroborating claims that Russian hackers have posted the passwords for millions of LinkedIn accounts.
To check whether your password has been leaked, visit LeakedIn, a site by developers including Chris Shiflett, whose password was among those stolen. LeakedIn converts a password to an SHA-1 hash and checks it against a database of the pilfered passwords.
“Since this isn’t very straightforward, a few friends and I thought it would be a good idea to make a simple app that lets you check to see if you’re a victim,” Shiflett wrote. “In fact, while we were talking about what a good idea it would be, Sean made a quick prototype.”
The LeakedIn site seems to be experiencing a heavy load right now, but it worked for us after a few tries.
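The same check can be run locally, so the password never leaves your machine. The following is an added example, not LeakedIn's code and not part of the original article. It assumes the hash list is plain text with one hex SHA-1 per line, and it also matches entries whose first five hex digits are zeroed, a detail of the dump that was widely reported at the time but is not stated in this article. The function names and the sample list are constructed.

```python
import hashlib

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, as lowercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def check_password(password: str, dump_lines) -> str:
    """Return 'exact', 'masked' or 'absent' for a password against a hash list.

    dump_lines: iterable of 40-character hex SHA-1 strings, one per line.
    'masked' means the entry matches once its first five hex digits, zeroed
    in the list, are ignored (assumption about the dump format, see lead-in).
    """
    full = sha1_hex(password)
    masked = "00000" + full[5:]
    result = "absent"
    for raw in dump_lines:
        entry = raw.strip().lower()
        if len(entry) != 40:
            continue  # skip blank or malformed lines
        if entry == full:
            return "exact"  # strongest result, stop early
        if entry == masked:
            result = "masked"  # keep scanning in case an exact entry follows
    return result

# Constructed sample list for demonstration: not real leaked data.
SAMPLE_DUMP = [
    sha1_hex("correct horse battery staple"),       # stored in full
    "00000" + sha1_hex("linkedin2012")[5:],         # stored with zeroed prefix
    "not-a-hash",                                   # malformed line, ignored
    "",
]

if __name__ == "__main__":
    import getpass
    # getpass avoids echoing the password or leaving it in shell history.
    pw = getpass.getpass("Password to check (stays on this machine): ")
    # To check a real list, pass an open file: open("hashes.txt") (hypothetical path).
    print(check_password(pw, SAMPLE_DUMP))
```

Because the hashes are unsalted, a match in either form means the password should be treated as known to attackers on every site where it is used.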
Shiflett says that, like many users, he uses the same password for multiple sites. Anybody else who does so and whose LinkedIn password has been compromised should change all those passwords immediately – especially if their password contains the name of one of the sites it is used on, a not-uncommon practice.
It’s good form not to use the same password across multiple sites, though it’s an easy, guilty fix for many. Though a list of email addresses that correspond with the passwords has not yet been released, experts warn that it could exist somewhere, and could even be in circulation online.
It appears that following the leak, LinkedIn put a CAPTCHA requirement on logins to combat automated attempts to hijack accounts. It has not yet released its own tool for users to see if their passwords have been leaked, and is not linking to LeakedIn at the time of publication. The password debacle is another image hit for LinkedIn, which ran into trouble recently for transmitting calendar data from its iOS app in plain text, a security no-no.
Shiflett’s advice is akin to that of medical professionals to individuals who might have been exposed to an STI: get yourself checked.
“Please let me know if you’re one of the lucky ones or a fellow victim,” he wrote, impishly. “Maybe we can form a support group.”
Comments (3)
So to determine if my password was stolen, I should type it in on some random dude's website. Hmm...
@MikeDaly A villain who spent years building a web identity so that in the event that LinkedIn's passwords were stolen, he could pass the Google test and re-steal them? That guy probably deserves my password at this point.
Someone is now regretting choosing "123456" as a password...