LeakedIn

My studiomates of FictiveKin + Chris just launched LeakedIn as a response to this morning’s LinkedIn debacle of the 6.5 million leaked passwords.

LeakedIn will help you find out if your password is one of those 6.5 million.

10 Comments

  1. I think it’s down. Tell them to fix it!

  2. Asking a user for another service’s password is bad protocol.

    Phishing scams work on the exact same principle – saying there has been a breach, you’d better enter your password to check.

    If people are concerned their password was leaked, they should change it proactively rather than supplying private information to a 3rd party app.

    I’m not suggesting these guys are malicious by any means, but this app is founded on a bad concept.

  3. Kind of reminds me of those phishing pop-ups “Has your credit card information been stolen? Enter your Credit Card Information here to find out!!”

  4. @shane Exactly. Much better spoken than my wordy response!

  5. So this is a neat idea, but it also risks providing false reassurance to not particularly technical users.

    It’s pretty clear that the cracker only published the SHAs of the pwds they couldn’t crack themselves.

    The vast majority of normal users who don’t use hard(ish) to crack passwords have also almost certainly had their account security compromised – as LinkedIn weren’t salting user pwds (because they are incalculable morons) the other ~160 million passwords were probably just a matter of a few hours’ work, given rainbow tables and average 8 char pwds.

    It’s not really a good idea to give people false reassurance that their account is still secure just cos they used sexylover69 as their password.

    The better message is that if you have a LinkedIn account you should change your password. Now. More importantly LinkedIn themselves should have the balls to force a password reset for all users… but that’s unlikely to happen soon enough.

  6. Agreed. If I were LinkedIn, I’d have reset every password in the system immediately and provided instructions to set the new password.

    And then made the announcement apologizing for the breach and detailing their immediate resolution.

  7. How do we know the site isn’t using social engineering to help crack passwords? If we type our password in, and the hash matches then that is an instant cracking of that hash! :o

    I can see why someone would be very wary of this….

  8. Maybe these guys are meaning well, but what they are doing is a really bad practice.

  9. Jeez, glad I heard about this through a credible source: SwissMiss, otherwise this would definitely look like a phishing scam… just sayin’.

  10. To those of you saying it’s wrong to provide your LinkedIn password to any site other than LinkedIn, you’re right, but:

    1. To be safe, you should consider your LinkedIn password no longer usable. In other words, change it on LinkedIn, and change your password on every site where you used that same password. Never use it again.

    2. You shouldn’t be providing LeakedIn (our app) your current LinkedIn password. You should provide your old one, the one you no longer use anywhere.

    I answer a few more common questions here:

    http://shiflett.org/blog/2012/jun/leakedin#comment-27
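
The third-party concern in comments 2 and 7 and the unsalted-hash point in comment 5, as an added example (not LeakedIn's code and not part of the post or its comments): the password is hashed locally and compared against a locally saved digest list, so nothing is sent anywhere, and a second function shows why unsalted digests of the same password always match while salted ones do not. The function names, the one-digest-per-line file format, the sample passwords and the use of PBKDF2 for the salted comparison are assumptions made for this example.

```python
import getpass
import hashlib
import io
import os
import sys


def sha1_hex(password):
    """Unsalted SHA-1 hex digest, the kind of hash the comments describe."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def in_dump(password, lines):
    """True if the password's digest appears in lines (one hex digest per line).

    The dump is streamed, so a multi-million-line file needs no extra memory,
    and neither the password nor its digest leaves this process.
    """
    target = sha1_hex(password)
    return any(line.strip().lower() == target for line in lines)


def salted_hash(password, salt):
    """Salted, iterated hash (PBKDF2 is this example's choice, not the page's)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000).hex()


def same_password_collides(password):
    """(unsalted equal?, salted equal?) for two accounts that share one password."""
    unsalted = sha1_hex(password) == sha1_hex(password)
    salted = salted_hash(password, os.urandom(16)) == salted_hash(password, os.urandom(16))
    return unsalted, salted


# Constructed sample dump: digests of made-up passwords, not real leaked data.
SAMPLE_DUMP = "\n".join(sha1_hex(p) for p in ("constructed-old-pw", "another-made-up-pw")) + "\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a locally saved dump file
        with open(sys.argv[1], encoding="ascii", errors="replace") as fh:
            hit = in_dump(getpass.getpass("Old password: "), fh)
    else:  # no file given: run against the constructed sample
        hit = in_dump("constructed-old-pw", io.StringIO(SAMPLE_DUMP))
    # As comment 5 argues, a miss is not evidence that the account is safe.
    print("digest present in dump" if hit else "digest not in dump")
    print("equal digests (unsalted, salted):", same_password_collides("constructed-old-pw"))
```
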