In association with heise online

08 June 2012, 09:45

Millions of passwords leaked

A list with several million passwords belonging to users of the music community site LastFM has been posted on the internet. The site owners have posted a statement saying that the company is investigating the leak and that all users of the service should change their passwords immediately. This is the third major compromise of a popular web site's passwords in as many days.

The H's associates at heise Security are in possession of a list containing approximately 2.5 million password hashes. Like the recently leaked data from eHarmony, these are unsalted MD5 hashes that are trivial to crack in today's world of fast CPU and GPU hardware and specialised techniques such as using rainbow tables. At least one million of these hashes have already been cracked and the clear text passwords have also been posted on the internet. The hashes that were leaked from LinkedIn were generated using the SHA-1 algorithm.

Users of the service are advised to change their password immediately. Furthermore, it would be prudent for any users who have reused their passwords to change them on other web sites as well. The article "Storing passwords in uncrackable form" at The H Security explains how server administrators can prevent passwords from being cracked this easily.
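The following sketch is an added example, not code from this article or from the linked The H Security piece. It contrasts the unsalted MD5 scheme described above with a per-user salted, deliberately slow hash. The choice of scrypt, its cost parameters, the record format and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for illustration, tune for your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

def legacy_md5(password: str) -> str:
    """Unsalted MD5 as described in the article: one password, one hash, everywhere."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def store_password(password: str) -> str:
    """Return a 'scrypt$salt$hash' record using a fresh random salt per user."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "scrypt${}${}".format(salt.hex(), digest.hex())

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest, expected)

def shared_hash_groups(user_hashes: dict) -> dict:
    """Group users by stored hash; a group larger than one reveals a shared password."""
    groups = {}
    for user, stored in user_hashes.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}

if __name__ == "__main__":
    # Constructed sample accounts, not data from the leak.
    accounts = {"alice": "letmein", "bob": "letmein", "carol": "correct horse"}
    md5_db = {u: legacy_md5(p) for u, p in accounts.items()}
    scrypt_db = {u: store_password(p) for u, p in accounts.items()}
    print("unsalted MD5 shared hashes:", shared_hash_groups(md5_db))
    print("salted scrypt shared hashes:", shared_hash_groups(scrypt_db))
    print("verify:", verify_password("letmein", scrypt_db["alice"]))
```

With unsalted MD5 the two accounts that share a password store the same value, which is also why a single precomputed table applies to every leaked hash; with a per-user salt no two records match and each must be attacked separately at the cost of the slow function.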

Correction: This article was changed from an earlier version that wrongly stated which algorithm LinkedIn hashed its passwords with.

