Sucuri Blog

Website Security News

LinkedIn Password Dump Verified

As you might imagine, we couldn’t contain ourselves this morning when we heard of the LinkedIn compromise and had to go searching for the dump.

We were able to get our hands on a copy of the password hashes, totaling 6,500,000 unique passwords. From that we were able to see that about 2,000,000 had been cracked and as of a few minutes ago, we’re close to 200,000 of our own cracks. We verified the dump by searching for known unique passwords only used by the individual on LinkedIn.

Here is a quick look at some of the worst passwords found:

Found: e4c9b93f3f0682250b6cf8331b7ee68fd8 – password
Found: 14943daad1d64c102faec29de4afe9da3d – password1
Found: a490228d003c055c36430ba00666db7ff7 – 123456788
Found: 3870ecbcd3d557b6423a8982134e17927e – pass123
Found: ed31f9f62b8a8ed162a580906c2f1f40d4 – linkedinn
Found: 0c80b6bfd450849405e8500d6d207783b6 – linkedin
Found: 74a6cde34c42a88673e62dcd4b5b3c359d – www.linkedin.com
Found: 177ae8bcf097deccbd929db5a5468d6f16 – linkedin123
Found: 3cca0d32a0affb23c3585fcbe1290ad392 – abc123!!
Found: d3e1688aac0c8549b9c86755a62e187e66 – link3d
Found: de6f8cc63e8fab705738477b40be32b3da – link3d1n
Found: d014aec7623a54f0591da07a85fd4b762d – 000000
Found: 0555e5a2b460969c789d3ad968a795921f – 0000000
Found: 41061eda4ff3c322094af068ba70c3b38b – 00000000
Found: 6fc55b8179d8b3f92c432d217c27423958 – 102938
Found: f07dc1be38b20cd6e46949a1071f9d0e3d – 111111
Found: 1a068c5fa0eea5d81a3863321a87f8d533 – 1111111
Found: 7abd7d4f51bf9226ceaf891fcbb5b299b8 – 11111111
Found: 6db543be345a32253e253945cdf5d18996 – 123098
Found: 09ca3762af61e59520943dc26494f8941b – 123456
Found: 5d64b0e216796e834f52d61fd0b70332fc – 1234567
Found: b2927d828af22f592134e8932480637c0d – 12345678
Found: 9814c6d4e9800e0d2ea9ec9fb00efa887b – 123abc
Found: 6d43a129ccf8a4186c96f3a27cdebd1cef – 1812over
Found: 3d1570b5ea2a8487c86d9c281c9e77b2a9 – 1smitty
Found: 7bd3c679ba9a6f5d99078e36e85d02b952 – 222222
Found: deae42dc9821b1dfc6907c12f985c8008b – 2222222
Found: 789006da9bb337fd5689e37a265a70f359 – 22222222
Found: ffb28a92c975769b9c22b3487903e08057 – 2bon2b
Found: d1e0c56f54387e2c587ba0d593b85a1609 – 3.14159
Found: e4a009dc1dff01643da47f62bbd47d760e – 3.141592
Found: fb18f977ea576bbcd143b2b521073f0cd6 – 333333
Found: 66d554db1c7582326a910fac8b9764c345 – 3333333

This is just another example of why every security presentation should include a slide on secure passwords. Here is an example of real users using very uncreative passwords and how easy they are.

If you have any questions please contact us at info@sucuri.net.

About Tony Perez

Tony is the Head of Security Products at GoDaddy and Sucuri Co-Founder. His passion lies in educating and bringing awareness about online threats to business owners. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at perezbox.com and you can follow him on Twitter at @perezbox.

Reader Interactions

Comments

  1. Guy

    Found: 177ae8bcf097deccbd929db5a5468d6f16 – linkedin123

    ROFL at least they tried right……