LeakedIn.org claims to let LinkedIn users know if passwords leaked

7 Jun 2012

Developers from Fictive Kin, who themselves fell victim to the LinkedIn security breach, have created a site where users can check if their passwords have been compromised.

LeakedIn.org is a simple web app where users can enter their passwords (or SHA-1 hash) to find out if it was one of those that was cracked on hacker forums InsidePro.

Usernames or email addresses are not required and passwords entered are hashed with JavaScript so the site appears safe enough to use, but users do so at their own risk. Also, it must be noted that entered passwords are displayed in plain text, so be wary if you are using this service on a public computer.

Chris Shiflett, the main developer behind the site, found that his own password hash was cracked and leaked. He discovered this relatively easily by finding his password’s SHA-1 hash and then searching for this among those dumped on the InsidePro forums. He explains how he did this in his blog, which may also be helpful to users trying to find out if their account could be hacked.

As stated before, even users whose have not received notification of a password breach (either via LinkedIn or by way of checking via LeakedIn) should change their passwords regardless, as there’s no telling how many may have been discovered by unknown hacker, dwdm.

Thanks to Sarah Folan for the tip!

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.