Hacker News new | comments | ask | show | jobs | submit login
LinkedIn password leak (kaspersky.com)
398 points by trumpeter on May 19, 2016 | hide | past | web | favorite | 207 comments

> If you’re not sure how strong your password is, test sample passwords with our password checker here.

That is irrelevant in the face of leaked passwords; what matters most in that situation is that your password is something other than your leaked one.

If the passwords were leaked due to being stored in plain-text, no amount of complexity would protect them, obviously.

Don't use the same password on multiple sites. If your LinkedIn password is leaked, you don't want that same password to grant access to your bank account. That just as important than how strong the password is, if not more.

If some site has suffered a password leak, and you're a user of that site, you must change the password on that site, and also on all other sites where you happened to use the same password. Do it as quickly as possible without worrying how strong the new passwords are. Then change later to stronger ones.

A password's strength is inversely proportional to how often you change it. For instance, if you happen to change a password every week (for the sake of argument---few people likely do), and it takes a month to crack on the best available hardware cluster, then you're probably okay. If you change only once a year, you're much less okay; a surreptitious password breach could happen, and two months of cracking later, the attackers have your password. Meanwhile, you're still months away from changing it, not knowing there had been a breach.

By the time users learn about a breach---if ever---they should assume that their passwords have been cracked, because some unknown amount of time has passed between the actual break and the discovery. The discovery will likely stem from the fact that some of the "lower hanging" passwords have been cracked and accounts start being misused. The site admins can then only guess from various circumstantial information (logs or whatever other breadcrumbs left bind) about when the leak might have occurred.

> If the passwords were leaked due to being stored in plain-text, no amount of complexity would protect them, obviously.

One assumes LinkedIn does not store plain text passwords anywhere. That would be against best practice for the average PhpBB online forum from the late 90s. It would be criminal negligence from a company like LinkedIn. How strong your password is (and which kind of hashing function the site uses) does influence how long it takes to obtain a plausible plain text password assuming that the exfiltrated data is in the form of a list of salted hashes, which is the most reasonable assumption.

That said, changing passwords everywhere remains the safest course. Since: a) 4 years is a long time to run a password cracker + dictionary, b) there is always the possibility that the passwords were intercepted on server memory before hashing.

The said dump contains unsalted SHA1 encrypted passwords: https://www.leakedsource.com/blog/linkedin


Nitpicking. Even the Unix guys, whose line editing language you're using there, called the password hashing function "crypt"; everyone knows what it means.

"crypt" = "cryptographic hash" != "encryption".

Not to mention that someone might get the wrong idea and decide that encryption (or single-round hashing) is good enough.


       crypt -- Trapdoor encryption
Linux man page:


       crypt, crypt_r - password and data encryption
Solaris 10 man page:


       crypt - string encoding function

       The crypt() function performs password encryption ...

To be fair, "trapdoor encryption" == "hash".

Is there a complete list of the DBs in leakedsource.com somewhere?

They have this result: VerticalScope Network (Vbulletin) (939 Websites). Would be nice to know all of those 939 sites.

If you'd really want to know, I would suggest contacting the website admin on HackForums.

One assumes LinkedIn would also know better than to tell users "We'd like to import your contact list to match you up with existing members" and then go ahead and spam everyone in that contact list about joining linked in, but that was also shown to be an incorrect assumption.

The only thing one should ever assume with respect to _security_ is that the other party is going to do it wrong unless it's written out for them.

Accounts aren't all created equal. Some of my accounts, such as my domain account at work and my online banking account have real power to screw me over. Some are in the middle, like my LinkedIn account, or my gmail account, since they could be used for social engineering. Some are trivial like my Fark account or my Hacker News account. In that last tier, there's no way it's worth my time to keep rotating those on a regular basis. It wouldn't be even that much of a crime to use the same password on them, since there's virtually no way someone's going to pivot from a Fark account into my bank account. So quit being so dogmatic is what I'm saying.

"Some are in the middle, like my LinkedIn account, or my gmail account"

Your email account is the golden key to all other accounts that send "forgot password" links to it.

I don't use it myself but I would think that you wouldn't want your "professional" social network account to fall in the wrong hands either.

You rightly put "professional" in quotes. For tech people, LinkedIn is just a way to sign up for recruiter courting.

You don't, and it can be embarrassing. I've seen it happen with a colleague.

But what happened was embarrassment, not their life savings being wiped out.

Which is why I protect it. But not as hard as my bank account and not as soft as my fark account. Hence, "middle".

I would recommend lofting your email authentication into the same protection category as your bank account:

a) There is a nonzero probability that your bank can be socially engineered using information obtained from compromising your email account and anything that trusts it. b) An email account compromise implicitly means every service that resets/recovers through it has to be rekeyed. The subsequent cleaning of the stables can be messy, lengthy, and itself somewhat risky.

In particular, if you haven't already, enable MFA. If your email provider does not support MFA, change your provider.

> It wouldn't be even that much of a crime to use the same password on them, since there's virtually no way someone's going to pivot from a Fark account into my bank account. So quit being so dogmatic is what I'm saying.

This is 2016, we have password managers. Using different passwords for each site shouldn't be any more difficult than if you had not. Even using the built in ones in your browser of choice is better than not using one at all and makes using site specific passwords easy. Chrome even has a built in password generator for you, I assume this is using your operating systems CSPRNG (or BoringSSL's?) although I'm not 100% sure about that.

1: Change your password. RIGHT NOW. If you’re not sure how strong your password is, test sample passwords with our password checker here. Seriously?

Keep in mind that these estimates are based on some bogus entropy estimation. If a password hacking guy runs the correct dictionary past the hashes you password generates, it might be as small, well, as the first one tried. For example, run the passphrase Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1 past the kaspersky bruteforce estimator, you get 10,000 centuries. But this is clearly false, as inicated in http://arstechnica.com/security/2013/08/thereisnofatebutwhat.... They clearly "cracked" this in far less time: "in a matter of minutes".

As an aside, it can be so difficult to get this across to folks who aren't in the infosec headspace. I've seen even technical, computer science types absolutely not get that their ad-hoc memorable password "but no one would EVER guess that!" schemes are probably much more vulnerable than they estimate. Nevermind, even, true computing laypersons.

We have to rotate our password advice to family and friends every couple years or so. It used to be "use a random combination of memorable words with a number thrown in" a la "reddogbarkhard7". Now I feel like right after guessing the 10k most common passwords a hacker would immediately brute word combinations with a single integer ending.

The worst bias is letting the users choose their passwords. They should use a generator such as [1]. The reason is that the "entropy" is not a characteristic of a password but of the way it is generated. Computers are much better at entropy than humans.

[1] http://passwordcreator.org/

Work sent around a stupid cardboard stand which was supposed to tell us all about being excellent at our work, and the checking processes required before sending anything to clients etc etc.

We were changing domains at the same time, so my new password root is now based on the first three characters of the first 3 lines of the thing, which included some punctuation, then the standard numeral to increment every 90 days.

My password was in plain sight for a couple months before I got around to binning it, which actually makes life a lot easier. Especially when you're not using it often enough for it to be muscle memory - which is the problem my parents face.

However, such an approach corresponds to a few dozens bits of entropy at best (some for the approach, some for the length of text used, and a few for the numeral depending on whence it comes).

As stated by zamalek, the trick to not memorizing many passwords is to use a password manager.

Or, better yet, a password manager. If you aren't using one yet, now is a great opportunity.

I agree that password managers are great. They let you use completely different passwords for each service, efficiently mitigating any compromise. Also, they tend to encourage you to use actually random passwords (using a generator).

However, most users will not bother, and getting them to use at least decent passwords would be a great step forward. Additionally, you still need a master password for your password manager.

Also you can't really rely on a free password manager (which is what users will generally select) to be a long-time solution. Either because they go out of business, change their monetization model, get hacked, whatever. It's one of those things that sounds good, but in reality is unable to gain critical mass for human reasons.

What could possibly go wrong: This page was served over an insecure connection. It could have be forged or altered in transit. In red letters.

There is a certain degree of trust that non-technical users are asked to do that should leave us with at least a mild level of discomfort.

I've found that it helps to, rather than going directly into the mathematics of it all, explain to somebody that their password is going to be cracked by a computer rather than a human, and computers 'think differently'. Thus, you need to make things that seem complex to computers, not things that seem complex to humans.

The same applies verbatim for people trying to roll their own 'clever' encryption schemes.

The only sane schemes are ones that choose passphrases solely based on entropy. So, Diceware or other random generation systems.

>> test sample passwords with our password checker

> Seriously?

Sample passwords, not your actual passwords.

If you follow that link, they reinforce that with: "Never enter your real password".

Yes, that is the actual instructions that they give.

Imagine a relative of yours who is much less computer savvy than you are. What are the chances that the actually enter their real password?

And what value is this check, actually, on a fake password. "Your fake password will take xxx centuries to crack". So how does the non-tech savvy person, who might have a struggle coming up with a real, useful password, then enter one that is similar but not exact and expect a measured response?

So even if they collect "simulated" passwords, password cracking is less about entropy and more about generating dictionaries based on patterns that users are likely to use.

There isn't any value in such a site, and I claim it is less than useful.

Ok... 10,000^4 * 10 = 100,000,000,000,000,000 @1,000,000,000,000 passes per second (nsa level bruting) = 27 hours to break one single password. There's far more low hanging fruit in an encrypted list of passwords than to bother with random common word combos. Unless you're a specific target, it's not lucrative to a hacker to use brute forcing to get through the last 10 or 20% of users with good passwords.

So, being one of the people who hovers around laymanship when it comes to these questions, how hard is it to crack a randomly generated 25 character string with 5 digits and 5 symbols? This is typically what I would use for a website.

Such a password has about 157 bits of entropy, which is far too big to be found by any kind of brute-force approach.

Of course there are other ways that a password can be cracked, for example an attacker who breaks into the server can capture it as it is submitted. So it's still worth having a different password for each site.

> Such a password has about 157 bits of entropy, which is far too big to be found by any kind of brute-force approach.

To put this into perspective:

If you turned every grain of sand on Earth (about eight quintillion) into a computer able to test 1 trillion passwords per second, you'd need about 360 million years to exhaust half the search space and have better than even odds of guessing it.

That is a good choice, and it is what I recommend to whoever will listen to me, and a few that won't.

I use and recommend 1Password. To evaluate a password manager, check this page https://discussions.agilebits.com/discussion/15416/1password... for good questions to ask. For example, what data they can turn over, what their encryption practices are. Key phrase: "There is no data of yours that we keep, so there is nothing to turnover".

This can't be said by all password managers.

That's an old and outdated page. 1Password has moved to a subscription model, thus storing the encrypted database themselves. The old "offline" option is still around, but it has been deemphasized, for one because they stopped implementing features supporting it (like an offline HTML interface for opvault, or sync with other clouds besides Dropbox). Even more upsetting is that the standalone version is now much more expensive than it was. They did that to increase the attractiveness of their subscriptions of course. And the writing is on the wall really.

Well not quite. While they have added a subscription model, there is still the desktop-only version that works in accordance with that page.

I didn't notice an increase in their price--I have one at home and one from work.

Depends on how that password is stored. Mostly.

Your alphabet, lowercase + uppercase + digits + symbols, has 72 characters. There are 72 ways to pick the first character of your password, 72 ways to pick the second, etc. So there are 72 to the 25th power possible passwords, about 7.5 times 10 to the 46th (about 7 followed by 46 zeroes).

That's fewer possibilities than the number of atoms in the universe and fewer possibilities than the ways you can order a deck of cards, but if a computer can calculate one hash per nanosecond, it'd take about ... well, more millennia than I know the words for. Even if we're talking about a cluster of GPU machines, it's effectively forever. Unless you had some infinite improbability drive (like a quantum computer?) and you guess correctly on the first try.

So what did you use to generate the random password? Did you use your favorite programming language's pseudo-random number generator? Remember, "anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin" (John von Neumann). A bad random number generator might only have 2^32 possibilities.

Let's put that aside. It's unlikely that the hacker knows which random number generator you used. It's much more likely that the company storing your passwords is not storing them securely. Passwords should not be stored, ever. Instead, the company should store a hashcode. The hashing algorithm should be like the butterfly effect -- a tiny change in the password produces an unpredictable difference in the hashcode. Unfortunately, many older hashing algorithms, like MD5, are predictable. A hacker can find an MD5 collision -- not your password, but one that hashes to the same hashcode -- within minutes.

There's more to it, but my advice is NEVER rely on password security by itself. If you care about your security, then use 2-factor authentication or physical security in combination with password protection.

Edit: Am I incorrect? I see there was a downvote. Please educate me.

How do you randomly generate these passwords?

Personally, I like to use Diceware to create random character strings.


I even bought a set of casino dice.

you can install a tool "pwgen" on linux machines that will generate you passwords, configurable with size and types of characters included.

pwgen -y 40 1

Generates one password with 40 chars, including special chars (-y).

    head -c 24 /dev/urandom | base64
will give you a password with 24 * 8 = 192 random bits.

I like the password generator and virtual dice roller on https://www.random.org, but I guess it requires one to trust their claims that they are getting numbers from atmospheric noise and not a PRNG secretly.

More importantly, that's over the network so you have to trust the site to not log what it gives back, every CA to not have issued a false cert for them (allowing them to be trivially MITMd), and all software that runs on your computer to boot.

The "PRNG" vs "Real RNG" boogeyman scare is such a load of horseshit.

The whole point of modern PRNGs is that they're good enough computers can't detect patterns. I assure you that you're gaining zero security by using random.org vs openssl rand... and in fact, you're losing massive amounts of security because it's going over the network.

Minor nitpick: you should replace "PRNG" with "cryptographically secure PRNG". Not all PRNG methods are aiming for the standard of "computers can't detect patterns", for example the common Mersenne Twister PRNG would not be a good choice to generate crypto keys or passwords.

You're right that using an internet service like that to generate passwords is insane, and there is no need for some fancy custom RNG hardware just to generate some keys/passwords.

password managers

Tinfoil hat time: if your password manager uses a bad generation scheme or backdoored RNG like Dual EC, then its passwords might be much easier to crack than they would appear.


I know you covered yourself with the tinfoil disclaimer, but Ima take you seriously here for a thought experiment...

I wonder if that's actually a risk? At least for people not being individually targeted?

A random Elbonian hacker who gets a dump of 117 million password hashes has (at least) three approaches she can take to make use of it - she can run oclHashcat or JtR using a good wordlist (say, Hashkiller or phpbb) and a reasonable ruleset to tweak them, which'll fairly quickly reveal common, reused, or guessable passwords in hours/days/weeks - or she can set it to enumerate through an entire $howeverymany bit password space, which is guaranteed to find all the passwords but not before the heat death of the universe... Or she could try only the selections out of that random keyspace that a flawed version of FooPasswordSafe is capable of generating. I'm not sure how long the last approach would take, but it'd have to be both a pretty flawed PRNG and a very widely used password safe for it to come anywhere near as useful as approach 1.

(If she's only cracking the hash for the sbeirwagen@gmail.com record, things are somewhat different to if she's just trying to find _any_ "useable" passwords out of 117 million... And if she _knows_ sbeirwagen uses DudPasswordSafe.exe, it's likely she knows better ways of attempting to acquire your password than hoping to crack it from publicly released credential dumps...)

This is always my concern. At some point the password managers become an interesting attack vector.

Why can't people just be nice.

Do you actually generate your strings randomly, or do you rely on yourself, a puny human I suppose, to generate it?

Aren't cracks of this nature thwarted by salting?

No. Salting mostly prevents rainbow tables from being very useful, but rainbow tables are questionably useful anyway with modern hardware. (Obviously depending on the type of the hash)

Yeah but isn't this method just a giant rainbow table whose source is crawlable web content?

>It would have been impossible to use a brute-force attack or even a combined dictionary to crack a phrase of that length. But because the phrase was contained in this Wikipedia article, it wound up in a word list that allowed Chrysannthou to crack the phrase in a matter of minutes.

No, a rainbow table is just a method to pre-compute hashes. Given that you can, for $500 buy a graphics card that can compute seven hundred million hashes a second, precomputation is not really of any value.

The attack described is to find potential passwords on the web or somewhere, compute the hash, see if it matches. Rainbow tables aren't any part of this process.

This most likely depends on the way you look at it (or rather how exactly he did it): did he take the word list, generate hashes from it and then check them against leaked hashes? Rainbow table.

If he took the word list to run login attempts against a server (or a local endpoint checking the leaked database) it's more of a dictionary attack.

Same result, different ways to get there. If you're able to run your cracker locally against a leaked db, it probably doesn't really matter.

The best security that an individual can get from passwords is clearly achieved by using a password manager and generating a unique random password for each site, and changing high-value passwords periodically. (It's arguably already impossible for a human to generate or remember enough good passwords, and either way it gets harder as computers get better at guessing human-generated passwords.)

However, from the point of view of someone implementing an authentication system, passwords on their own are broken. There will be a significant fraction of users who re-use their password at a site with minimal-effort security. If you subscribe to the idea that computer professionals have a moral duty to safeguard people's private information entrusted to them, then password-only authentication is just broken.

The solution is to either: spend the money to implement a multiple factor authentication system (with a secure password database and fraud detection) or use a federated identity service. (Even just sending a one-time login code via email is fine). The latter is simple and takes even less effort than implementing a password system from scratch.

There should be fines (at the very least) for having an unsalted password database with more than X number of users.

Or for an unhashed password database, c.f. http://plaintextoffenders.com/.

The fact that your password is mailed in plain text to you when you register does not prove the password is not hashed when it's stored.

In a "lost password" mail, of course, that's another thing.

A moot point. If they are sending your password across anything in plaintext, you just immediately lost a lot of the advantage you got from storing the password hashed.

If they can hack into your mail they can reset your password anyway.

(I'm not being technically correct here, but I'm being practical, and my argument here applies to 99.9999% of all cases)

It's not about hacking your email even. A significant amount of SMTP traffic still goes around unencrypted so just seeing that traffic fly by is enough to get the password.

A one-time password system should also have a second token that was sent to the browser as a cookie over SSL. When the link is clicked the browser sends both tokens (the cookie and the OTP) together. The password is only valid for one browser. Also the OTP should expire after a short time. [1] It has the same security properties as a federated identity service like OpenID (except that it is less vulnerable to phishing.)

Of course if you're talking about just a normal plain text static password, then it's obviously wrong to see it in an email.

[1] "Simple Authentication for the Web" (2007) https://isrl.byu.edu/pubs/saw_TechReport%20%28revised%20Marc...

But the mail is stored!

Arguably, sending a one-time password over email in plaintext isn't a disaster. It's stored, fine, but it's no less secure than the user's email account (that you were going to reset to anyway). If internal storage on the site is still responsible, it's not a huge concern.

Of course, a truly healthy system also wouldn't allow email-only resets, but that's life.

Fortunately, the mail is not typically stored in the user database, so acquiring it would take at least a separate leak.

By you, right? Or is it common practice to store outgoing mails?

You could always not store password reset emails.

useful tool to check your emails https://haveibeenpwned.com

https://haveibeenpwned.com/PwnedWebsites hasn't been updated yet with this yet because the list hasn't leaked entirely.

Also change your password: https://www.linkedin.com/psettings/change-password

Woo, I created my LinkedIn profile in 2015, so I should be safe since the leak is supposedly from 2012. If anyone else isn't sure when they made their LinkedIn, you can see your join date here (ctrl+f "Member since"): https://www.linkedin.com/psettings/

2009... Awesome.

Linkedin should probably be the one warning me about this, but I never heard of this before.

Edit: filtered as Spam, nevertheless they should have locked my account.

I believe it's been proven impossible to write a spam filter to distinguish useful LinkedIn email from spammy LinkedIn emails, since the spam filter would then be able to solve the halting problem.

Can't you just write this?:

    isUseful :: LinkedInMessage -> Bool
    isUseful _ = False

Sure, but password leak is pretty useful.

Omgosh, please tell me this has actually been proven and there's a paper (or blog post at least) to read about it!

I received multiple emails this morning from LinkedIn advising me to change my password.

I received none.

That means either a) You're account was not included in the comprised accounts or b) You checked an email different from your LinkedIn account.

I didn't get an email until after I logged into my account with the compromised password. Then it sent me an email and locked my account. Sort of odd way of dealing with the problem.

This all happened about 20 minutes ago.

It was just a coincidence that you received the email after you logged into your account. Logging into your account didn't trigger the email to be sent.

Glad to hear your Spam Filter work fine!

I created my profile at 2012 - thanks for that information !

Is it possible for me to check the data link to look my name up.

Yes, leakedsource.com, select "email" from the drop-down and use the email you had associated with LinkedIn in 2012.

I'm in the list :( I can't remember what password I was using in 2012, but I changed my password again anyway. At least it was never the password associated with my Gmail login, cause I'm not a derp so I don't use that anywhere but Gmail.

Just had my 10th anniversary a few days ago.

I got an email from them this morning about this, it just smells like all their other junkmail begging me to +1 their active users.

Why don't they invalidate the passwords all at once instead of letting -- someone -- use the potentially compromised passwords again...

Incredible... The email says:

"We've recently noticed a potential risk to your LinkedIn account coming from outside LinkedIn."

That's almost as bad as saying "we take security very seriously" after a hack!

What does that even mean?

How can a risk come from "outside" LinkedIn related to my password? If I haven't leaked my own password, then there should be nothing to fear, and my account should be secure.

Unless of course LINKEDIN ITSELF is compromised, and leaked my password. In that case, the wording about "coming form outside LinkedIn" just smells like BS/spin to me.

gotta spin!

Users that may no longer have access to the email on that account would have a very difficult time regaining access. But overall definitely a better idea than letting a massive number of users get locked out by someone with the hacked credentials

Then what good is sending out the warning via email?

Because the people who do have access to their email are warned.

FWIW, I was forced to reset when I tried to log in (although prior to that one of my active sessions was still working)

I got an e-mail from LinkedIn today saying that I would be forced to reset my password upon my next login. They didn't say why. I guess this explains it.

I got an email too this morning too.

They invalidated my password.

My session was intact, but a password reset was required on next login, and they encourage two factor. I did that despite not really wanting linkedin having my phone number...

When you change the password, you can click a box to inactivate all other sessions.

The email did say why:

"We've recently noticed a potential risk to your LinkedIn account coming from outside LinkedIn. Just to be safe, you'll need to reset your password the next time you log in."

Yeah, that's vague garbage. What it should have said was: "Our password database was stolen and we fucked when we tried to roll our own password hashing. Your password is likely compromised and you should change it. If you use the password on multiple websites, you should change it everywhere."

Even better, they have you click the "Forgot your password" link, as if it was your fault.

Aaaand that's why I use 'pwgen -s 22' to generate a unique password for every single site I use. I don't care if a salted password database is stolen; heck, as soon as I change my password I don't even care if a plaintext database is stolen.

Why -s? Because it means each password is a complete word, and may easily be double-clicked in a password list (which is nice, because selection is copy in X).

Why 22 characters? Because 22 mixed-case letters and digits are just over 128 bits of entropy.

Say it with me:

    pwgen -s 22

How do you track those passwords? I presume not with a password manager otherwise it would be creating your passwords for you. Do you keep them in a text file on your computer or write them down and carry them around with you or something?

I store them in an encrypted file on my computer: the encryption password is memorable, but since I have physical control of my computer (I hope!) I think the security tradeoff is a win. Rather than many memorable-but-guessable passwords scattered across numerous services, I have one memorable-but-guessable password (well, passphrase) securing a file I control.

Writing them down would probably be even better.

I use "apg".

    apg -a 0 -n 1 -m 14 -x 14 -M NCL
-a lgorithm 0 is "pronounceable". 1 is "random chars".

-n umber of passwords to generate

-m inimum and ma -x imum length

-M specifies what types of characters to use. N = Numbers C = Capital letters L = Lowercase letters. You can also add S for punctuation.

14 chars with numbers letters and caps gets you ~80 bits of entropy, which is the NIST recommended value for passwords.

I store them in 1Password. (Whose password generator I don't like, but is still infinitely better than picking your own passwords in your head.)

Why not?

I don't like that you have to specify a fixed number of numbers, special chars, etc.

I think that's cool from a UI perspective, having that control, because for some services you still want typing to be doable.

I mean, try typing this on your PC or mobile phone: &}n9$r}@pe^q;j2U33Aq8.kTa}Z2^ykQ

And compare it with this one: dn#Ze39h644s9DdTpaxRaWW&m33Vy98b

And yes, their client saves you somewhat, except that there are plenty of instances in which you resort to copy/pasting passwords. Like on Android where the integration is poor. And on the desktop as well. And guess what, copy/paste is really, really insecure, because apps can be made to listen to clipboard events, so you can have apps that are logging whatever you copy/paste. Oh, and Linux doesn't have 1Password, their old Windows client is getting replaced with a "modern Windows" app, so tough luck.

if it's truly random, then you need to if you want to guarantee you have at least 1 of various character classes..

The -M option does this in apg. (As opposed to -m, which doesn't.)

I use KeePass' password generator, which defaults to generating random sequences of 20 uppercase, lowercase, and digit characters. Usually the passwords are between 100 and 120 bits of entropy. I try to use only letters and numbers because they are easier to type on mobile phones and other non-physical-keyboard-driven devices.

That's sound advice, but most of the other people on the Internet (and most of the people in the leak) don't consider entropy when authenticating with their bank/Facebook/gmail etc.

Creating your own passwords and typing or copy/pasting them in is a broken authentication experience.

Good for you. Too bad most people can't even be bothered to use more than a couple variations of the same password.

This is an area that will get much more attention in coming years as technology finds better ways to authenticate us instead of using secret codes we have to remember.

I use pwgen for sites where I care if my account is compromised (and store them in a gpg text file), but for all those sites where I don't care, I use a terrible password, because I wouldn't care if my login on most random forums I joined to read some attachment that was members only or my linked in (if I had one) was stolen, chances are I'm going to forget I have an account there before it gets compromised, so it doesn't bother me.

I've used some sites which had a login cookie, and if you lost it, you just put your email address in and they'd send you a new link, no password needed; much nicer for many things.

Considering the amount of "growth hacking" LinkedIn use (used?) to so, sending too many emails to too many people this breach can be much more dangerous than usual.

People raises eyebrows when they get phishing emails but when it comes purposely from LinkedIn and vouched for by your social and professional circle it could get much more credible and easy to fall.

I got an email from linkedin a couple weeks ago and had the hardest time deciding if it were real or fake.

Question for the more security-savvy among you: If the leak happened in 2012 and I've changed my password since then (it's listed in your account page [1]), do I need to change it again?

Logic tells me I've got nothing to worry about, even considering potential password reuse, if they've all changed since then.

[1] https://www.linkedin.com/psettings/account

I changed it when they first announced the leak in 2012. It didn't ask me to change it when I logged today and they didn't send me the email today. I guess they know my new password is secure since I changed it since the leak.

I think you're fine.

And LinkedIn is now asking me to enter my phone number:

"Add an extra layer of security to your account. Add your phone number."

Leaking my email / password is bad enough; I'm not going to give them my phone number for more damages!

Also, access to your phone (or rather anything send to your phone number) is trivial to get via social engineering the telco.

(The attack is not very scalable, but easy enough to pull off against individual targets.)

Also, why is the 2FA option hidden under "Privacy" and not right next to the Change Password option?

You'd think they would want to advertise 2FA better...

Why do people insist on using sms as the second factor? Let me use TOTP (e.g. Google Authenticator). I don't get reception everywhere!

I get you - but how many places do you not get sms reception but you still have enough internet connection to be trying to log in to LinkedIn? (Inside a data center, maybe?)

> I get you - but how many places do you not get sms reception but you still have enough internet connection to be trying to log in to LinkedIn?

Any time you travel internationally? My phone only has one SIM slot and it's not going to be the $10/MB roaming one from back home.

SMS 2FA is an awful trend.

I agree about SMS being a bad chice for 2FA, and so do the Telcos here:


"The lobby group for Australian telcos has declared that SMS technology should no longer be considered a safe means of verifying the identity of an individual during a banking transaction."


"SMS is not designed to be a secure communications channel and should not be used by banks for electronic funds transfer authentication,"

Plenty of places around London where I have WIFI access but no 3G/4G signal (tube stations, various Starbucks, couple of Costas, my flat, DB's Bishopgate office in 2014, etc.)

It makes e.g. Twitter's insistence on SMS 2FA annoying (since their "we've sent you login request to your app" just doesn't work for me, I'm stuck with SMS).

Inside a building?

Not only that, but in general, I don't want to give them my phone number. They'll just leak it or abuse it.

Google Authenticator is great, and I use it anywhere I can. I also take a physical backup of the seeds in a secure (and secret) location, in case I lose my device.

2FA doesn't mean much if the user can 2FA from one device (i.e. Login to a site from a phone and request the 2FA SMS to the same phone).

Something needs to change here.

I disagree. Even if you use the same device to access a service, you still need the device to authenticate. It's authenticating by more than one factor. You need my password, plus my phone, plus possibly a way to access my phone (my PIN code or fingerprint). That's much better than just a password.

You can see how long you've been a LinkedIn member by going to your Privacy & Setting page, where it displays at the top.


Do we know how strong their hashing scheme was?

Edit: SHA-1... You'd think a site as big as linkedin would have strong hashing...

Just read about it being sha-1 (source: http://www.pcworld.com/article/257045/security/6-5m-linkedin...).

From that 2012 article:

"What's also troubling security researchers is that the password database contains entirely unique passwords. It's unclear whether the people who leaked the password file have more passwords that have not surfaced online. The file may, for example, be an attempt to crowd source the hacking of some of the more difficult passwords."

Well Per Thorsheim called that one!

Sha-1 with the hashes salted.

Edit: "Motherboard conversed with someone at LeakedSource who claimed that they managed to crack 90 percent of the LinkedIn passwords within three days. Though LinkedIn says it has hashed and salted its stored passwords for several years now"



Why would you think that? Linkedin isn't really known for substance or integrity are they? Also didn't it come to light that they didn't use salts either?

LinkedIn has a solid security team today. That was probably not the case when this breach apparently happened, though. Just because the dump leaked today has SHA-1 hashes, doesn't mean that's what they're doing now.

They should have never been doing that. And they regardless of what team they have, they have a terrible perception.

I'm not invested in changing your opinion of LinkedIn. I'm not a fan either. I'm just clarifying that the team there now didn't have anything to do with what happened in (apparently) 2012, and I would not count on your assumptions of what they're doing with passwords as being valid anymore.

Even that few years ago, the percentage of companies doing exactly that was pretty large. The message about bcrypt has in fact made its mark.

No, a "solid security team" doesn't wait 4 years to do password resets, nor do they let people use their personal emails for work repos.

"There are no experts, only various levels of incompetence" ;)

If you look at Cory Scott's linked-in profile, you can see that there was NO security team before he was hired. None. The breach happened before he arrived, and he is now having to deal with a four year old breach. He has built a substantial team from nothing and from what I can tell is doing all the right things.

Yeah it's a shame that the company and his team is taking the blame for the an issue that happened years ago when LinkedIn was a very different company.

Unsalted SHA1.

This is just unforgivable. This is such an incredibly basic and simple to implement feature and they've just ignored it. There should be some legal repercussions for companies neglecting security. When they surpass 100,000 users, a mandatory security audit should be passed (like a health and safety inspection). Data breaches like these just happen far too often.

Hardly, in reality salting simply doesn't make much of a difference. It's the algorithm used that matters here.

It was their legacy but still in use auth system. Accounts created past some cutoff (before the exploit) were in another, more secure system that did not use sha1.

They didn't move fast enough to get accounts moved over.

My theory is that this data leaked via custhelp.com, the filename of the data dump I have (linkedin.cfg) seems to support that.

This would also explain linkedins initial "confusion" regarding the hack.

Could you elaborate? Also, when you say '"confusion"', do you mean it was feigned?

Linkedins support site URLs (hosted by custhelp.com) used to look something like this http://linkedin.custhelp.com/cgi-bin/*linkedin.cfg*/php/endu...

I know custhelp used to be particularly insecure right around when this hack happened, as I myself discovered several vulnerabilities back then.

>Also, when you say '"confusion"', do you mean it was feigned?

Partly. From what I recall it took them quite a while to own up to this very easily verifiable hack, which could very well have been because they couldn't figure out why it happened because it didn't actually happen on their systems.

Ah...I assumed that a leak happening via third-party would be an excuse for a company to be legit confused at first and then breathe a sigh of relief because that means they can blame someone else in the press release. Though I guess that's tricky when people start asking about why their data is being given in bulk to a third party in the first place...

Doesn't matter. If your logo is on the product, it's your fault. Full stop.

That's why I put the Google Maps logo on my surveillance van.

Wow, just looking at that URL is cause for concern.

Oh yeah, it was vulnerable to the exact RCE bug you'd guess at first glance.

In fact, the hack coincides perfectly with that php-cgi bug being released. Coincidence?

> test sample passwords with our password checker here.

Do NOT do that with your exact password though :)

Link: https://password.kaspersky.com/

I'm impressed by the password cracking estimation with the Tianhe-2 Supercomputer. A 10-character password containing uppercase letters, lowercase letters, and numbers, which is estimated at a 4 year crack with a Macbook Pro, takes 31 seconds on the supercomputer.

Looks like they are using zxcvbn[1] to calculate the password entropy and converting it to a time with these parameters:

    computers               speed factor
    ZX Spectrum             k: 1300    // 30 guesses per hour (?)
    Mac Book Pro (2012)     k: 1       // 10 guesses per second (?)
    Conficker botnet        k: 5e-5    // 20000 guesses per second (?)
    Tianhe-2 Supercomputer, k: 3e-7    // 3000000 guesses per second (?)
The following line of code suggests that the speed factor is compared to 10 password guesses per second:

    Passwrdr.crack_time = result['crack_times_seconds']['online_no_throttling_10_per_second'];

[1] https://github.com/dropbox/zxcvbn

The timing are meaningless since it depends entirely on the hashing algorithm and how much key stretching was in place.

Is even the basic ratio/multiplier correct? Supercomputer is 1,000,000x faster than a 2012 MacBook Pro? I tried a few random strings and saw ratios as high as 3,000,000 - why would the ratio change based on the password? Probably because the number is nonsense.

The ratio is always 3000000 (I checked the Javascript Source). The discrepancy you see might have to do with the rounding that happens when they convert the time to a human-readable representation.

> why would the ratio change based on the password?

Probably because they may assume a dictionary order of cracking attempts?

I mean, why would the supercomputer sometimes be 1,000,000 times faster and then for a different password be 3,000,000 times faster?

Damn, my desktop is a total of 80000000000/3000000=26666.6666667 times faster than the Tianhe-2 supercomputer!

More realistically though, Kaspersky just really sucks at password cracking.

62^10 > 2^58. At 2^58 that would take ~ 2.28E+09 guesses per second - I'm really not buying this.

2.28E+09 is only a tiny fraction of what modern desktop computers can do against weaker hashes/

Mine easily hits 80Ghash/s on MD5 and around 25Ghash/s on SHA1, a more dedicated setup could easily do 10x that.

Passwords hashed with a single iteration; not to mention SHA1 - seriously? (bcrypt should be around 100ms)

I'll worry about bcrypt when people start using it.

It should of course not determine if you change your password, but no harm putting a password you no longer use

I'm going to use this to recommend a CLI for strong, memorialize passwords (if you're not using something like KeePass).


    $ pip install diceware
    $ diceware -n 8 -d ' ' --no-caps
    proton hunts blake 31 pope pivot taped plain

Who cares if their LinkedIn account gets hacked? In my case they'll be able to see 500+ recruitment agents I've never heard of as my 'contacts'.

I think password reuse is the big deal. Lots of people use the same passwords on more important accounts, which they would mind losing.

I know of a company that experienced a data breach (one that was reported in the news) due to an employee using the same password on linkedin as on their company account.

Was linkedin verified to be the source of the password or is this just speculation?

The person at that company who I heard about if from claimed they were able to verify it.

Password reuse, possible impersonation. If you work in a sensitive area, or deal with those who do, possible career, safety, or life risks.

Just because you don't know how to use LinkedIn...

Folks, this is becoming a common occurrence. Use a password generator and password vault to protect against this type of scenario.

A password vault ties you to a particular computer or mobile device. It's terribly inconvenient. But it's the best thing that we have today.

keepass + dropbox works ok.

keepass + dropbox is also my choice. There's (unofficial) keepass ports for both android and iOS too which can connect to the dropbox app. I use both and they work fine.

I think it works perfectly :P

As someone who isn't versed in security issues, can anyone explain how security breaches like this one (and Adobe etc.) occur?

I'm assuming (and I may be completely wrong) that some kind of software monitors if the database of customer details is being downloaded. If a download is detected, an alert is issued. Does software like this exist? Or there other measure that guard against these data breaches?

I'm not a security expert either, but I doubt most companies have anything like that running. Many leaks happened through the site itself, which is expected to be able to access and present that data, and even if the attacker transfers an actual file, it's fairly easy to encrypt it beforehand.

There is some software that can detect an anomaly in the regular pattern of network usage, and possibly even cut the connection, but again, I'm not sure how effective they would be here.

In any case, considering they were using unsalted SHA-1 hashes of the passwords, which was well known to be a poor practice, you should probably assume they had very little protections.

a) Basically the cracker acquires access to parts of LinkedIn's database that store user login details, including scrambled versions of passwords. Unfortunately, the algorithm used to do the scrambling is easy to undo. Since the dump is/was being circulated in the underground, anyone with a copy of it and a little bit of time can presumably unscramble the whole list, revealing all passwords stored at the time the dump was generated. Given that so many use the same login/password for multiple sites...

b) There is software (intrusion detection systems/software, or IDS) that does that, but it is rarely present by default. The hows and whys of IDS can be difficult for non-security types to grok, and it can be costly in terms of time, equipment, and money, so it often not encountered.

You don't necessarily need to get your hands on the actual database. You can also obtain the data through a side channel such as debug pages or errors messages being a little bit too generous with information.

I'm pretty sure the right move for me is going to be to just delete my account. I mainly just receive recruiter spam from it.

beyond linkedin logins, they also have a zillion email passwords from the bad old days before oauth.

A useful HaveIBeenPwned feature would be a list of pwned passwords connected to my email address.

Yes, I know - don't reuse and use a password manager. But not everyone follows best practice. Knowing which password motifs to absolutely not reuse would be helpful.

I've read zero reports of people breaking into houses, finding a piece of paper down the back of the cabinet with lots of passwords on and no site names, then using those passwords randomly to gain access to an unknown system... A 'software' or 'online' password manager seems like a terrible idea, all your eggs in one convenient basket, if Sony and VISA and the NSA are unable to secure their systems 100% of the time I doubt the maker of your software will fare much better over the long term.

This is misunderstanding the threat model. Assuming you're using a local password manager and not a 'hosted' one, the moment your system is compromised, you're screwed anyway and so that single basket doesn't really matter anymore.

If an attacker has sufficient access to read out passwords from RAM, it also has sufficient access to just keylog everything.

To follow your analogy: if somebody physically breaks into your home and places a security camera pointed at your safe(s), it's not really going to matter for the average user whether all the safe combinations are on a single piece of paper.

They're going to get them anyway, because they've compromised the environment and can just watch the footage.

Not quite: if I can steal your password manager passwords I get all of them immediately, if I compromise your system and you don't use a password manager I can slowly steal passwords over time with some effort.

Most attempts will favour "all and now", above "slowly over time".

Maybe using a password manager is better than using the password "wizard007" everywhere, including your HN account.



fair point :)

while obviously fairly painful, am assuming that came from the Stratfor list ? While I concede a piece of paper is far from secure, I'm human and what I do others do too, I would have faired better had I followed my own advice. Conveniently your point does re-inforce they key aspect of my comment, that if Stratfor, a global intelligence company, can fall foul of security then there really are very few safe ports to rely on harbouring your secrets ;) Btw, thanks for not locking me out, gentlemanly of you.

Whats interesting to me is that their spams to change your password showed up on a whole bunch of group email addresses I am a member of. So at some point linkedin went and harvested email addresses that got to my inbox and made a bunch of bad assumptions to include those as secondary addresses for me. I can only assume it was their mobile app, which is now forever uninstalled on all my devices. I simply cannot have them doing that.

For those that have forgotten, https://news.ycombinator.com/item?id=4073309

Back then there were issues. If I remember correctly, there was some nodejs even after this with no bcrypt.

anyone know how I can get a copy of the list. I want to see if the email/password combination I used back then is still in my regular circulation on other sites.

is it even verified that the data isn't again the warmed up stuff that surfaced from LinkedIn's 2012 breach? This is quite common these days.

this might be a dumb question - but if the password was unique to that account AND you have 2 factor auth enabled, is there any reason you need to change the password ?

so if some hacker somehow manages to backward engineer a salted-bcrypted-hash of my unique password, he still cant get in without my cell phone

Perhaps they won't get into your account without your password and phone. However, you've reduced your 2-Factor to 1-Factor since the password is now known. You're still relatively safe - at least safer than not having 2-Factor auth - but changing passwords is cheaper than the risk of relying on 1-Factor auth.

he could attemp to reuse the password in other websites

Just points out the fact that we should use password generators for all web sites that requires one.

> test sample passwords with our password checker here.

And you just lost my trust Kaspersky, congratulations.

2-step authentication?

I'm amazed LinkedIn is as big as it is. They have a big, new, building in Sunnyvale and lots of employees--too many it seems for a simple social network. I drive past their HQ a few times a week when I'm in Sunnyvale and see their employees, who don't look like other tech employees, waddling down the street to the McDonalds on the corner of Mathilda and Delray.

So basically, if I get interviewed by a company and I get asked why I don't have a Linkedin account, am I legitimate to respond to them by saying that Linkedin sucks in many different ways including password breach?

First off I'd be skeptical about working where they take your linkedin account seriously. Secondly, no. Because everyone sucks, everyone can get hacked, why don't you have a Facebook account, a Google account, it's only a matter of time. No one is invincible.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact