How to Check If Your LinkedIn Password Was Stolen

By: DoYouKnow.IN | Views: 988 | Date: 15-Jun-2012

Worried that your LinkedIn password may be a part of the nearly 6.5 million compromised on Wednesday? Password management firm LastPass has released a secure tool to see if your password was among the stolen.

Worried that your LinkedIn password may be a part of the nearly 6.5 million compromised on Wednesday? Password management firm LastPass has released a secure tool to see if your password was among the stolen.

News first surfaced about the security breach after a Russian hacker said he stole 6,458,020 encrypted LinkedIn passwords and posted them online (without usernames) to prove his feat. The breach comes on the heels of news that LinkedIn’s iOS app potentially violates user privacy by sending detailed calendar entries to its servers.

Linkedin Password Hacked

LinkedIn confirmed that some passwords had become compromised and said it would contact affected users with details on how to change their password.

Although usernames associated with the passwords were not released, the passwords themselves will surely be used to help reverse-engineer other cryptography systems. We also expect to see these passwords added to dictionary lists of programs that attempt to break into various accounts.

In other words — if you’re a LinkedIn user, no matter how strong your password seemed — it’s a good idea to go ahead and change it.

How This Works

If you’re a cynical web user when it comes to privacy and security — of course you are, right? — then you’re probably asking yourself whether or not a site where you type in your password to see if it’s been compromised could possibly be legit. But the folks at LastPass ensure that the tool is safe and does not store passwords.

Here’s how it works: After typing your LinkedIn password into LastPass’s tool, the service computes its SHA-1 hash and sends the result to LastPass.com. It then searches the list of 6.5 million leaked password hashes.

Check Your Linkedin Password Stolen or Not: https://lastpass.com/linkedin/

Linkedin Password Status

Wait a Minute, Why Is This Tool Safe?

You already changed your password, right? You no longer use that old password anywhere else, right? If not please make sure you do that first. The above tool asks you to enter your LinkedIn password, and then computes its SHA-1 hash and sends the result to LastPass.com to search the list of 6.5 million leaked password hashes. A hash is a mathematical function that is simple to perform in one direction, but very difficult to reverse. Meaning, the tool will convert your password into a series of characters in such a way that it will be very difficult to re-construct your original password. 

Only the hash of your password will be sent to LastPass.com's servers, not your actual password. This hash will not be stored or logged at all. Please view source the page if you're technically inclined. 

Note that if you used a simple password, such as one based on dictionary words, then it might be possible to reconstruct your original password. This is what all of the concern is about: the hashes of simple passwords can be easily reconstructed to reveal the original actual password. 

“All that’s communicated to LastPass is the hash ‚Äî the result of the one-way function performed on the password that a user enters in that box,” a LastPass spokesperson told Mashable. “So let’s say you enter ‘password1.’ You enter it and the tool performs the hashing algorithm. The hash is then sent to LastPass, and if a match is found in the database (of the 6.46 million leaked hashes) on our end, we report back a message saying that your password was compromised.”

The spokesperson also noted that the hashes are not stored on its servers: “We don’t store the hash on our end. We only perform the check and then delete it.”

Brooklyn developer Chris Shiflett created a near-identical tool called LeakedIn that appears to operate in the exact same way. On his blog, Shiflett discussed how he built the tool to find out his own password was leaked (and subsequently cracked).

Change Your Password

If your password is among the millions stolen, you should not only change it as soon as possible but also update other accounts you have that use the same password.

If you aren’t already using a password management tool — it’s time to start considering one. Tools such as LastPass and 1Password are invaluable in helping users create and manage unique, secure passwords.

Has your password been compromised? Let us know in the comments.

Previous Page Next Page

People Searching On This Page:

Related Pages


How to apply Aadhaar Card | Check Status | Enrolment slip lost what to do

How to apply Aadhaar Card | Check Status | Enrolment slip lost what to do

Articles | General Knowledge | India
Date:
14-Jan-2013  Views: 10963

Read How to apply Aadhaar Card, How to Check Aadhar Status and what to do Enrolment slip lost. ...
IBPS CWE RRB Officers Result 2012 declared: Check Results

IBPS CWE RRB Officers Result 2012 declared: Check Results

Articles | Exams | Results
Date:
06-Nov-2012  Views: 4030

IBPS CWE RRB Officers result 2012 has been declared. Previously the common written examination was held to facilitate the recruitment of the officers ...
Password Protection to USB Drive without using Software

Password Protection to USB Drive without using Software

Articles | Computers | Security
Date:
05-Oct-2012  Views: 1297

Most of the people doesn't like other people checking their personal files and folder on USB, including me. I'll show you a simple trick to lock your ...
How to Check or View Multiple Gmail Accounts at Once?

How to Check or View Multiple Gmail Accounts at Once?

Articles | Google
Date:
12-Sep-2012  Views: 1140

Many a times, one may have felt of using multiple gmail accounts at a time. But, previously we have to install some third party plug-ins and applicati ...
6.5 Million Encrypted LinkedIn Passwords Leaked Online

6.5 Million Encrypted LinkedIn Passwords Leaked Online

Articles | Computers | Security
Date:
15-Jun-2012  Views: 1121

A Russian forum user claims he has hacked LinkedIn, uploading 6,458,020 encrypted passwords (without usernames) as proof. ...
Post Your Comments (No Login Require)
Name : (required)
Email : (required)
Website :

Comment : (required)

67  + 4 =     
Comments

Google : 49 times | Yahoo : 35 times | Bing : 241 times |