LeakedIn.org - check if your password was leaked

**NickFitz** · 7 June 2012, 05:31

Originally posted by Sockpuppet View Post

Looks like mine hasn't been leaked. LinkedIn was on the "generic" list which just got the same password as it wasn't important.

These days salting really should be made mandatory.

Bear in mind that, as Gentile pointed out above, this is undoubtedly just some of the hashes; the fact that your password isn't on the list doesn't mean it wasn't leaked.

**Cliphead** · 7 June 2012, 05:58

My password was leaked and cracked. Not one I use anywhere else so not much chance of any damage being done elsewhere.

Deleted the account.

**mudskipper** · 7 June 2012, 06:02

Mine shows as leaked and cracked. However, I imagine my password is one that would be chosen by lots of people, so whether it's been hacked in association with my login is not certain.

**NickFitz** · 7 June 2012, 06:25

Originally posted by k2p2 View Post

Mine shows as leaked and cracked. However, I imagine my password is one that would be chosen by lots of people, so whether it's been hacked in association with my login is not certain.

A quick check suggests there are no duplicate entries in the file, which further supports the contention that this is a filtered subset of the data available to whoever cracked it, as we would otherwise expect duplicate entries for common things like "password", "linkedin" and "123456".

Method used: sort SHA1.txt | uniq -d | wc -l although when that came up with zero, I confirmed by sorting into a new file (same length, obviously) then applying uniq to create another new file (same length, so no duplicates were removed) and then just for the hell of it applying uniq with the "only show duplicates" flag to produce yet another new file (zero length).

**Scrag Meister** · 7 June 2012, 06:45

Looks like mine wasn't leaked.

**escapeUK** · 7 June 2012, 06:57

Originally posted by Scrag Meister View Post

Looks like mine wasn't leaked.

You really typed your password into that website? Well if it wasnt leaked it could be now. (Assuming it wasnt already)

**NickFitz** · 7 June 2012, 07:01

Originally posted by escapeUK View Post

You really typed your password into that website? Well if it wasnt leaked it could be now. (Assuming it wasnt already)

The password doesn't get sent, only the hash. I checked, as in, I looked at the HTTP traffic with a dummy password and confirmed that it wasn't sent. (I already explained all this, but I suppose expecting people to read the damn thread before posting is too much.)

**Sockpuppet** · 7 June 2012, 07:12

Originally posted by NickFitz View Post

Bear in mind that, as Gentile pointed out above, this is undoubtedly just some of the hashes; the fact that your password isn't on the list doesn't mean it wasn't leaked.

Aye, I conducted a password refresh anyway

**mudskipper** · 7 June 2012, 07:13

Several years ago I worked on a project to improve a website's security.
At the time, the passwords were stored plain text in the database.
Out of curiosity, I ran a count on different passwords to see how common they were.

Top of the list - password.

About 5 of the top 20 were football teams

Names (mostly girls') were pretty common, as were various varieties of booze.

87 people had the same password as me.

**Pondlife** · 7 June 2012, 07:17

Originally posted by k2p2 View Post

87 people had the same password as me.

I've just changed mine to wanttoseemytits too.

LeakedIn.org - check if your password was leaked

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

LeakedIn.org - check if your password was leaked

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Tag Cloud