Rojakcoder
Of Linux, Programming, and Singaporean Ramblings

LinkedIn Password Leak

Sat, Jun 9, 2012 2:15PM +0800

You may or may not have heard: 6.5 million passwords were leaked from LinkedIn, allegedly at least. It’s possible, then, that yours is one of them.

If you are using LinkedIn and you are concerned, as well you should be, you can find out if your password is compromised from this (appropriately named) website www.leakedin.org.

This website asks you for your LinkedIn password. It may sound scary at first to hear that an unknown website is asking for your password, but hopefully my explanation below will assuage those fears.

The site only asks for your password and not your account name. In that way, the site would not be able to match the password to your account. If you want to be doubly safe, you can check that you are not logged in to LinkedIn while you do this.

Technical Analysis

For those of you interested in the technical explanation, the site does not collect your actual password. When you enter the password, JavaScript code running in your browser hashes it into a string of nonsensical characters before sending it to the server, which checks whether that string is among the compromised ones. This string of characters, by all known technologies, cannot be reversed to retrieve the original password, so you can rest assured that you are not losing any confidentiality. Even if you don’t believe the claims made on the page, this has been verified by other technology experts.

Summary

To summarise, if you use LinkedIn, use this website to check if your password has been compromised. If so, and if you use the same password on this site and on other sites, you should change all of them. If not, it is still prudent to change the password on LinkedIn. Stay safe!
