Is your LinkedIn password leaked? You can check it yourself!
An update on my own post about the LinkedIn password leak as there are 6,5 million passwords posted on the internet by the Russian group asking for help in cracking them.

Before reading on first do a realitity check: only 6,5 million are supposedly stolen out of 160 million accounts so the odds are this time with you :)

Now the stolen password list seems to be an older one with so called unsalted passwords so you can check yourself if yours is compromised.  If you used TinkerTinker123 or another pw out of a list of 160.000 available on the internet it´s already cracked. That list is here

If not, go to the next step: find out how your password looks in so called SHA-1 format, then download the file with all the hashed passwords and see if your pw is in the list.  The example TinkerTinker123 looks like this: e6e2f76d8f0700dde2aa8d2d5b73deb0e13478fa 

Don´t be scared by the cryptic lengthy string. There are websites which convert your password into this format (SHA-1) but be aware that you need a trustworthy site which doesn´t store your password! Technically you need a local running Java client and preferably a safe https: connection. Most sites are currently down, but if you know a safe and working one, put it in the comments. 

The alternative is to encrypt your linkedIn password on your own machine which Lunix and Apple  users can do in a terminal window.  Windows users can download this program and read the readme :)

Downloading the large list of stolen encrypted passwords can be done here or here or you check the comments for an up to date link if these are flooded.

Now open this log list in f.i. Notepad++ or  Wordpad if you are patient. Search for the  SHA-1 string made of your own password. If you can´t find it, try again without the first five characters of your long string (1), still not found: you are safe. If not make sure you didn´t use this password elsewhere and if you did change it immediately and notify LinkedIn as well. 

When you´re sure your password was not leaked, head over the linked topic for an explanation and discussion about the reality of choosing a safe password

(1) the list seems to be manipulated by he Russians as the first five characters of the SHA-1 string are replaced by 00000.  You can check this if you´re savvy by searching for SHA variations of   ´password´ which pop up as 000001e4c9b93f3f0682250b6cf8331b7ee68fd8 
Shared publiclyView activity