You might have heard, recently a database with 6.5million passwords has been released on a Russian website claiming to be the LinkedIN database. More than a few users have reported they’ve found their passwords in the database–even with pretty unique passwords. I personally can confirm that my extremely random 1Password password was found in the database. Since these passwords were unsalted it’s safe to say you should be changing this password–assuming you are part of the dump!
Here is how you can check…
While we wait for the download to complete head over to this site to generate a hash for your current LinkedIN password–now it’s true that this site might be storing the passwords, even though the code doesn’t look like it, but frankly you should have already changed this password by now so it’s not going to hurt a thing.
Once on the SHA-1 Hash generating site you’ll want to enter your old LinkedIN password in the Text you want to convert… section and then select the Calculate Hash button as shown below:
Once you click the Calculate Hash button you’ll be redirected to a screen with the hex version of your password, you’ll want to copy/paste only the top line as shown below–this is the format that LinkedIN was storing the passwords with:
Once you’ve copy/pasted the line after hex open the database we downloaded in the links above using your favorite text editor, in this example I am using textedit on a Mac.
Once you’ve got your text editor open do a find command (CMD + F on Mac/Control + F on PC) and paste in your hex code as shown below:
If your text editor reports any matches to your string it’s safe to say that your password has been leaked in the database–so if you had any hesitations about changing your password at this time you should just bite the bullet and make the change.
Remember, don’t just change your password for LinkedIN you need to change your password for every site that currently uses the same password.
If you think this task is tedious, it might be a good time to invest in a password manager like 1Password. 😉