LinkedIn Hack Saga Continues – These Passwords were Mostly Present in the Data

In 2012, LinkedIn suffered a large data breach that is still haunting the platform. Initially, it was reported that the hacker(s) involved managed to steal 6.5 million credentials, but the latest reports suggest that the breach was far more widespread.

This revelation comes from Leaked Source, a paid search engine that provides details about hacked data. Leaked Source estimates that more than 167 million credentials were hacked during the 2012 data breach at LinkedIn. Of these, at least 160 million contained email addresses, whereas 117 million contained both email addresses and passwords.

Leaked Source also reported that the hacker had already cracked almost 90% of these passwords in no more than 72 hours.

The latest update is that the site has revealed the list of the most common passwords that were cracked by the hacker. There are around 2.2 million listed passwords, which still makes up only around 2% of the total data hacked.

The report from Leaked Source also includes some identifiable differences between the most common passwords in the hacked data and the list released at the time of the 2012 data breach. The top five terms used in the passwords, as per Rapid7 RPD, a cyber-security firm, are as follows:

Source: Leaked Source

0 32.49
111111 57.21
121212 17.13
123123 21.83
123456 753.31
1234567 49.65
12345678 63.77
123456789 94.31
1234567890 19.58
222222 16.17
555555 15.66
654321 33.85
666666 22.89
abc123 30.40
abcdef 15.94
bailey 18.81
baseball 17.86
buster 18.40
charlie 28.05
daniel 19.18
freedom 15.79
george 16.62
GINGER 16.04
hannah 17.04
harley 16.27
iloveyou 20.25
jessica 16.09
jordan 15.84
joshua 15.63
linked 25.33
linkedin 172.52
Linkedin1 19.44
maggie 23.89
michael 23.08
michelle 16.02
monkey 16.96
Passw0rd 18.21
password 144.46
password1 30.98
pepper 15.61
princess 22.12
qwerty 37.54
shadow 17.78
sophie 15.88
summer 16.65
sunshine 39.12
thomas 16.79
tigger 15.66
welcome 18.50

But this analysis was conducted previously by Rapid7, when the breach actually occurred. According to the latest on this issue from Leaked Source, the passwords stolen by the hackers were hashed using the SHA-1 cryptographic hash algorithm.

However, it has been identified that the passwords weren’t “salted”, which is why they were cracked so easily. Salting is a security measure that adds a layer of randomness to each password before it is hashed and hence makes the resulting hashes all the more difficult to crack.
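To show what the missing salt means for a stored password database, here is an added example (not from the original article, Leaked Source or LinkedIn): it stores four constructed accounts first as bare SHA-1 digests and then with a per-user random salt fed into PBKDF2. The account names, the iteration count and the choice of PBKDF2 are assumptions made for this illustration; the passwords are entries from the list above.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed accounts; the passwords are entries from the list on this page.
ACCOUNTS = {"alice": "123456", "bob": "linkedin", "carol": "123456", "dave": "password"}
COMMON = ["123456", "linkedin", "password", "qwerty"]
ITERATIONS = 200_000  # assumed work factor for this example


def sha1_unsalted(password):
    """The weak scheme: a bare SHA-1 digest, identical for identical passwords."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Per-user 16-byte random salt fed into PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], expected)


def shared_digests(stored):
    """Groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return [users for users in groups.values() if len(users) > 1]


def demo():
    unsalted = {u: sha1_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_salted(p) for u, p in ACCOUNTS.items()}
    # One table, computed once, is reusable against every unsalted record.
    table = {sha1_unsalted(p): p for p in COMMON}
    return {
        "unsalted_exposed": {u: table[d] for u, d in unsalted.items() if d in table},
        "unsalted_shared": shared_digests(unsalted),
        "salted_shared": shared_digests({u: dk for u, (_, dk) in salted.items()}),
        "login_ok": verify_salted("123456", *salted["alice"]),
        "wrong_rejected": not verify_salted("password", *salted["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the unsalted store, alice and carol share one digest and a single precomputed table resolves every account; in the salted store no two digests match, so each record has to be attacked separately at the cost of the full iteration count per guess.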

In response, LinkedIn’s chief information security officer Cory Scott stated in a blog post that the company had already adopted salted hashing many years back, but that this layer of protection was added only after the 2012 data hack incident.

What we can tell you with certainty is that the passwords listed above are poor choices that do very little to protect your accounts online. If you want to protect your accounts from hacking, then you must use a password manager to get complex and lengthy passwords.

Check the full infographic of the leaked passwords on Mashable