As you might imagine, we couldn’t contain ourselves this morning when we heard of the LinkedIn compromise and had to go searching for the dump.
We were able to get our hands on a copy of the password hashes, totaling 6,500,000 unique passwords. From that we were able to see that about 2,000,000 had been cracked and as of a few minutes ago, we’re close to 200,000 of our own cracks. We verified the dump by searching for known unique passwords only used by the individual on LinkedIn.
Here is a quick look at some of the worst passwords found:
Found: e4c9b93f3f0682250b6cf8331b7ee68fd8 – password
Found: 14943daad1d64c102faec29de4afe9da3d – password1
Found: a490228d003c055c36430ba00666db7ff7 – 123456788
Found: 3870ecbcd3d557b6423a8982134e17927e – pass123
Found: ed31f9f62b8a8ed162a580906c2f1f40d4 – linkedinn
Found: 0c80b6bfd450849405e8500d6d207783b6 – linkedin
Found: 74a6cde34c42a88673e62dcd4b5b3c359d – www.linkedin.com
Found: 177ae8bcf097deccbd929db5a5468d6f16 – linkedin123
Found: 3cca0d32a0affb23c3585fcbe1290ad392 – abc123!!
Found: d3e1688aac0c8549b9c86755a62e187e66 – link3d
Found: de6f8cc63e8fab705738477b40be32b3da – link3d1n
Found: d014aec7623a54f0591da07a85fd4b762d – 000000
Found: 0555e5a2b460969c789d3ad968a795921f – 0000000
Found: 41061eda4ff3c322094af068ba70c3b38b – 00000000
Found: 6fc55b8179d8b3f92c432d217c27423958 – 102938
Found: f07dc1be38b20cd6e46949a1071f9d0e3d – 111111
Found: 1a068c5fa0eea5d81a3863321a87f8d533 – 1111111
Found: 7abd7d4f51bf9226ceaf891fcbb5b299b8 – 11111111
Found: 6db543be345a32253e253945cdf5d18996 – 123098
Found: 09ca3762af61e59520943dc26494f8941b – 123456
Found: 5d64b0e216796e834f52d61fd0b70332fc – 1234567
Found: b2927d828af22f592134e8932480637c0d – 12345678
Found: 9814c6d4e9800e0d2ea9ec9fb00efa887b – 123abc
Found: 6d43a129ccf8a4186c96f3a27cdebd1cef – 1812over
Found: 3d1570b5ea2a8487c86d9c281c9e77b2a9 – 1smitty
Found: 7bd3c679ba9a6f5d99078e36e85d02b952 – 222222
Found: deae42dc9821b1dfc6907c12f985c8008b – 2222222
Found: 789006da9bb337fd5689e37a265a70f359 – 22222222
Found: ffb28a92c975769b9c22b3487903e08057 – 2bon2b
Found: d1e0c56f54387e2c587ba0d593b85a1609 – 3.14159
Found: e4a009dc1dff01643da47f62bbd47d760e – 3.141592
Found: fb18f977ea576bbcd143b2b521073f0cd6 – 333333
Found: 66d554db1c7582326a910fac8b9764c345 – 3333333
This is just another example of why every security presentation should include a slide on secure passwords. Here is an example of real users using very uncreative passwords and how easy they are.
If you have any questions please contact us at info@sucuri.net.
Pingback: PRWeb Stores Passwords In Clear Text | Sucuri()
Pingback: Lastfm and LinkedIn Passwords Hacked | The Older Geek()
Pingback: The Password Dilemma – Unique and Complex Is The Key | Sucuri Blog()
Pingback: 2012 Web Malware Trends Report Summary | Sucuri Blog()
Pingback: LivingSocial Hacked — More Than 50 Million Accounts Compromised | Sucuri Blog()