LinkedIn password leakage?

A lot of rumors are going on twitter and it sites now that LinkedIn has been hacked, or not hacked but a list containing password hashes for 6.5 million LinkedIn users are public available  on underground sites.
Either way people should change their password on LinkedIn ASAP!
Another rumor (http://telenorsoc-news.blogspot.no/2012/06/20120606-nyhetsbrev_06.html in norwegian) is that LinkedIn has using Password-hashes (unsalted SHA-1) which (If you have a short password) make it a lot easier for the hackers to decrypt your password.
If you take the word LOL and go trough a SHA-1 hash you will get the output 8a30407962eeb19b309b78ddf587aea18ab55232 a 160-bits hash.
You can read more about sha-1 http://en.wikipedia.org/wiki/SHA-1#SHA-1_pseudocode

The dump that is supposidly is avaliable only contains the password hashes and contains no usernames. So if the hackers does not have access to the usernames as well it will only get them so far..

If you go to this site http://www.md5decrypter.co.uk/sha1-decrypt.aspx
You can check if your password hash appears in the list, (This site contains 8.7 billion unique decrypted SHA1 hashes,even thou your hash might not appear on this site it might still be decrypted)
Note that when the site runs a successfull decrypt the hash value will appear in the list of recent decrypts.

(Side note: Since today Indonesia has appeared on the top with SHA-1 hashes, one might wonder if someone from here has gotten access to the list and is using the site to decrypt the hashes)

LinkedIn hasn’t delivered a official statement yet, will update this post when they do.
Update: Linkedin is investigating the issue https://twitter.com/LinkedInNews/status/210356986401927168
Update: They still havent found anything

F-secure Mikko has released some sample passwords from the alleged LinkedIn password leak
https://twitter.com/mikko/status/210341669944573955 (Might still just be a hoax)

Update 1: Might be that the dump contains old passwords, <a href=»https://twitter.com/peterkruse/status/21034565400488755
Another interesting note. Is that hackers might already hacked a bunch of passwords, more on that here https://news.ycombinator.com/item?id=4073309

 

#linkedin