The news comes right on the heels of yet another user security kerfuffle, as the most recent LinkedIn for iOS update was found to transmit users’ meeting notes back to LinkedIn servers without their permission.
Of the millions of passwords dumped, Dagen IT claims that nearly 300,000 of them have been decrypted so far and that number seems sure to grow as users spread that hefty file around.
The passwords are stored as unsalted SHA-1 hashes, and multiple reports on Twitter indicate that users have found their own hashes buried in the massive text dump. While unsalted hashes are much less secure than their salted brethren, it still takes a non-trivial amount of time to decrypt unless auser opted to use a common dictionary word as their password. It’s currently unknown whether or not the email addresses that correspond to those passwords have also been dumped, though if they are in someone’s possession, they apparently don’t feel like sharing.
Considering that LinkedIn reported back in February that 150 million people use the professional networking service (a number that has certainly grown since then), the breach represents a relatively small number ofusers. Though chances are slim that you yourself are personally affected — 6.5 million people makes up less than 5% of LinkedIn’s userbase.
Culled from http://m.techcrunch.com/2012/06/06/6-5-million-linkedin-passwords-reportedly-leaked-linkedin-is-looking-into-it/
0 comments:
Post a Comment
Your comments are appreciated.
Feel free to drop them and I will get back to you as soon as possible. Thanks.