LeakedIn.org - check if your password was leaked

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Sysman replied

8 June 2012, 12:44
Originally posted by Sockpuppet View Post

Not but if you get 100 hashes the same with come back to "thisismypassword" then its worth spending the time to crach that rather than gYJKaJkaJhaquz which is likley auto generated and just for this site.

That makes sense. Someone who makes the effort to generate a long meaningless password is probably paranoid enough to have a unique password per site.

It isn't just the site that gets attacked that is the target. Other sites where you use the same username and password might result in richer pickings.

Gawker

Gawker got into a pissing match with Anonymous. Anonymous spent a little time and managed to pull the full source code for their CMS (ganja) and also the entire 1.3M record user database. They released it as a torrent.

Gawker Hack Exposes Ridiculous Password Habits.

I recall reading at the time that the Gawker chap responsible for the pissing contest was found to be using the same password across multiple accounts.

Oh Dear.
Leave a comment:
lilelvis2000 replied

8 June 2012, 11:47
Mine's okay, I tried 'password' and apparently leaked. Just how many people have 'password' as their password!
Leave a comment:
Sockpuppet replied

8 June 2012, 11:27
Originally posted by SupremeSpod View Post

WTF?

They've cracked my password! Looks like I'll have to change it from Marill10nF4n!54F@b45tard01 to Marill10nF4n!54F@b45tard02

Not but if you get 100 hashes the same with come back to "thisismypassword" then its worth spending the time to crach that rather than gYJKaJkaJhaquz which is likley auto generated and just for this site.
Leave a comment:
NotAllThere replied

8 June 2012, 08:38
Originally posted by russell View Post

First time I've seen a moderator on a forum dishing out insults...

As a moderator, I'll never insult you. As a member, I'm happy to say I think you're unobservant as well as bit silly.
Leave a comment:
SupremeSpod replied

8 June 2012, 06:45
Originally posted by Sockpuppet View Post

I have a feeling they'll only try to crack your password if it appeared on the list more than once. After all some of my passwords are almost SHA1 hashes themselves.

No point trying to crack that when its likley it'll be unique to LinkedIn but finding 4 users with the same hash is different.

WTF?

They've cracked my password! Looks like I'll have to change it from Marill10nF4n!54F@b45tard01 to Marill10nF4n!54F@b45tard02
Leave a comment:
Sockpuppet replied

8 June 2012, 05:45
I have a feeling they'll only try to crack your password if it appeared on the list more than once. After all some of my passwords are almost SHA1 hashes themselves.

No point trying to crack that when its likley it'll be unique to LinkedIn but finding 4 users with the same hash is different.
Leave a comment:
russell replied

7 June 2012, 22:54
Originally posted by NickFitz View Post

Blindly condemning the use of the site out of pure ignorance when you could confirm that it's safe to use in about five seconds is idiotic.

So because you said it's safe or the guys who created said it's safe, or the Javascript looks ok to you, that means every other person can confirm it's safe in 5 seconds? Wait didn't you do work on this forum's code, and there were viruses etc on here, ll making sense now.
Leave a comment:
Sockpuppet replied

7 June 2012, 22:08
Originally posted by d000hg View Post

b)even if they stored plaintext passwords, it would require a human agent to manually inspect the hacked passwords and understand them, which I doubt would happen.

Unless they just post them online for tulips and giggles.
Leave a comment:
d000hg replied

7 June 2012, 21:24
I can't remember unique passwords per site and don't want to store passwords somewhere with a master key - just too much of a PITA.

However I am considering about using the same basic password, somehow 'salted' based on the website name.
e.g. passwordcontractoruk,passwordgmail,passwordhsbc etc. From what I understand of hashing and salting this would be secure since a)if they store hashed passwords any cahnge makes the hash different b)even if they stored plaintext passwords, it would require a human agent to manually inspect the hacked passwords and understand them, which I doubt would happen.
Leave a comment:
xoggoth replied

7 June 2012, 20:32
none of the things I used that password for are so important that it matters

Same here. I always use different passwords for bank etc and same old one for unimportant things like Facebook, Linkedin or CUK. Hang on though, you mean somebody could sign into CUK as us and post a load of old rubbish? Horrors!
Leave a comment:
NickFitz replied

7 June 2012, 19:58
Originally posted by Platypus View Post

Thank you Nick. Mine isn't there, but I changed it this morning when I heard the news, plus a couple of other places where I use the same password (silly me).

Post of the Day !

HTH
Leave a comment:
Platypus replied

7 June 2012, 19:28
Originally posted by NickFitz View Post

Chris Shiflett and friends have got the password hash dump and have set up a site where you can see if you're in there, and if your password had been cracked at the time the dump was produced: LeakedIn: Is your password safe?

Chris is well-known in the web development community (he's published a couple of books on web site security too) so his site can be trusted, but if you don't want to take his word for it, the site allows you to enter the SHA1 hash of your password instead. If you enter your actual password they SHA1 hash it anyway with JavaScript before sending it (I've checked and this does happen; if you use NoScript or similar remember to enable JS on the site first), so either way you won't be disclosing your password to them.

Mine is in there

Thank you Nick. Mine isn't there, but I changed it this morning when I heard the news, plus a couple of other places where I use the same password (silly me).

Post of the Day !
Leave a comment:
MarillionFan replied

7 June 2012, 18:50
Originally posted by NickFitz View Post

Blindly condemning the use of the site out of pure ignorance when you could confirm that it's safe to use in about five seconds is idiotic.

Hey bit harsh.

I've checked Russels password for him. I typed in 'TotalCretin' and yes it appears he's been hacked.
Leave a comment:
doodab replied

7 June 2012, 18:49
This one looks pretty safe and easy to remember

18a25cb38dcc89b50f5149d33f744be8f948affc
Leave a comment:
AtW replied

7 June 2012, 18:47
They should try to hash the hashes and they'll get more passwords cracked...
Leave a comment: