Showing posts from June, 2012

LinkedIn Break-in

A breach of the LinkedIn social networking site has led to the release of 6.4 million hashed emails with corresponding passwords. LinkedIn has confirmed that this breach occurred and that the data dump is valid. LinkedIn staff have noted that members with affected accounts will notice that their password is no longer valid. According to LinkedIn’s blog, affected members will also receive an email (without links) containing instructions for resetting their password. An attacker with knowledge of the SHA-1 hashing algorithm could perform a brute-force attack against the hashed records to retrieve the plain-text information. If the plain-text information is retrieved, attackers could then attempt a mass phishing campaign using the email addresses they’ve deciphered. Attackers could also use the passwords obtained from this compromise to attempt to log into other services which may be using the same password. Examples include other social networking sites such as Faceb...