LinkedIn, eHarmony and now LastFM: this week we have seen many security issues involving leaked usernames and passwords. A file containing 6.5 million passwords and another with 1.5 million were released on a forum (now taken offline) by a Russian hacker using the handle “dwdm”.
Passwords are generally stored as SHA hashes, but these can be easily cracked with the many software tools available, which use brute force and other methods to recover the plain text from the hashed value. The sites should have “salted” the hashes, which means adding some random text to the password before hashing it.
LinkedIn was the only site to provide information about its hashing after the password leak fiasco; it said that passwords on the site are protected using the SHA-1 hashing algorithm. LinkedIn should also have salted the hashes.
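The difference salting makes, as an added Python example that is not from the original article or from any of the sites mentioned. The accounts, passwords and wordlist are constructed, and the salted version uses PBKDF2-HMAC-SHA256 from the standard library with an assumed round count rather than a bare salted SHA-1.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users share the same password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "tr0ub4dor"}

def unsalted_sha1(password):
    """Unsalted SHA-1, the storage scheme the article describes."""
    return hashlib.sha1(password.encode()).hexdigest()

def lookup_table(wordlist):
    """One precomputed digest -> password table applies to every unsalted hash."""
    return {unsalted_sha1(w): w for w in wordlist}

def recovered(stored, table):
    """Users whose stored digest appears in the precomputed table."""
    return {u: table[h] for u, h in stored.items() if h in table}

def salted_hash(password, salt=None, rounds=200_000):
    """Per-user random salt plus PBKDF2-HMAC-SHA256 (round count is an assumption)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def verify(password, salt, digest, rounds=200_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def demo():
    """Hash the sample accounts both ways and test the unsalted set against one table."""
    unsalted = {u: unsalted_sha1(p) for u, p in USERS.items()}
    salted = {u: salted_hash(p) for u, p in USERS.items()}
    table = lookup_table(["password", "sunshine1", "letmein"])
    return unsalted, salted, recovered(unsalted, table)

if __name__ == "__main__":
    unsalted, salted, hits = demo()
    print("same unsalted digest:", unsalted["alice"] == unsalted["bob"])
    print("matched by one table:", sorted(hits))
    print("same salted digest:", salted["alice"][1] == salted["bob"][1])
    print("verify ok:", verify("sunshine1", *salted["alice"]))
```

The salt is stored next to the digest; it is not a secret, its job is to make every stored hash unique so that one precomputed table cannot be reused across accounts.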
As a user, it is very important that you change your password immediately on the affected sites. You must also keep in mind that some cybercriminals are taking advantage of this password leak. They are sending users links that claim to check whether your password has been leaked, but they are actually stealing the information. For example, the link leakdein.com asks you to check whether your LinkedIn password has been stolen. Please enter your password only on the official sites, not on any random links.