in Security

Are you LeakedIn?

As a bit of fun I got hold of the LinkedIn data leak and knocked up a tool to check if a given password is in the leak.  Take a look at it here:  By now there are probably multiple other sites doing the same thing, but I like the logo on mine and it was an excuse to play with JQuery, JSON and MySQL again.

The page doesn’t send your password to my server, just the SHA1 hash which it compares to the hash in the leaked data.  Interestingly the attackers seem to have tagged some hashes by prefixing them with five zeroes – we believe to indicate that they’ve already calculated the corresponding password.  This tool checks for those too and lets you know if your password is just in the list, or is in the list and already calculated.

Whatever the result you should change your password on LinkedIn and if you use that email/password combination anywhere else you should change it there too!