Yesterday we wrote about a hacker putting up for sale a batch ofon the Dark Web, of which 117 million entries contained account passwords in hashed format.
These passwords were hashed with the SHA1 algorithm. This is a strong hashing algorithm, but it is breakable, given enough time and resources.
Additionally, in 2012, LinkedIn didn’t “salt” the passwords, meaning no random bits were added to each password before hashing to make the result harder to break.
If you imagine the bad guys are going to have an easy time cracking these passwords, you aren’t wrong. Even the good guys had an easy time doing so.
, a website that inventories leaked details from public data breaches, has already broken most of these passwords and provided a Top 45 most used passwords.
This reminds us of something similar that happened last September, when a hacker called CynoSure Prime cracked a large part of the.
As for LinkedIn’s response to this whole debacle, the company says it’s currently assessing how much of this data, and the associated passwords, are still valid.
Back in 2012, the company did ask all affected users to change their passwords, but publicly acknowledged only 6.5 million users as being affected.