LinkedIn user data was jeopardized Wednesday when reports surfaced that 6.5 million passwords were leaked and posted on a Russian hacker site. Websites offering a LinkedIn password hack check like LeakedIn quickly popped up so users could find out if their password was one of the 6.5 million -- or more -- leaked.
Don't fret, all may not be lost if you're one of the many who use the same password or a variant for your email and social networking logins. LeakedIn and LastPass, which also features a LinkedIn password check tool, enable users to check if their password was leaked. The sites change their LinkedIn password to a SHA-1 hash, which is then automatically compared to the 6.5 million-password database to determine if the password was hacked.
While users may be skeptical of handing over their LinkedIn password to one of these sites, the hash algorithm function converts the password into a series of characters. The process is extremely difficult to reverse, so the original password cannot be reconstructed from the hash outcome.
However, LastPass notes, it is possible to reconstruct the original from a SHA-1 hash if the password is relatively simple, such as a word in a dictionary. At this point, you probably want to beef up your security anyway by trading that weak password for a more complex one with numbers and special characters.
Here's what a good result will look like on each site.
LeakedIn:
LastPass:
Although LeakedIn and LastPass were created to enable users to check if their password was hacked, the sites serve a secondary function for bored web surfers -- entertainment. Type any potential password in the field and the sites will confirm if it was leaked. But, while confirming the leak, the tool also verifies that the password was once used by a LinkedIn user.
Actual passwords range from words that could be easily guessed -- resume and jobhunt -- to some that are pretty weird -- pussywillow and monkeysex. Gizmodo rounded up some of the funnier ones, while BuzzFeed provided a list of 23 passwords that are just sad.
Norweigan IT website Dagens IT was the first to report the massive leak to a Russian hacker site. LinkedIn responded to the claims later in the day, confirming that some passwords were compromised without specifying how many.
However, the leak may be larger than suspected. Data security company Imperva said more than 6.5 million passwords may have been leaked due to the fact that each unique password was only listed once in the file, so any two accounts sharing the same password would only appear as one.
UPDATE:
LastPass also features a password check tool for eHarmony users, whose logins may also have been compromised.