LinkedIn has 155M members, and rumor has it that 6.5M accounts have been compromised. If you’re a curious fellow and want to know if you were one of the 6.5M accounts, this is a quick post on how to figure it out. With the help of my buddy Josh, I found out that my account was compromised and the hackers already have my password. Here’s a quick way to find out if your LinkedIn account has been affected. Below are the instructions for those who are on Mac OS:
Download the compromised list of accounts file combo_not.txt.gz here (it’s a large file) and save it into a directory. This is the file you’ll check your password against to see whether it is part of the list.
Fire up a terminal (usually built in with the Mac operating system).
In the terminal, navigate to the directory where you downloaded the combo_not.txt.gz file.
In the command line, type in:
zgrep `echo -n password | shasum | cut -c6-40` combo_not.txt.gz
(Replace “password” with your own password, case-sensitive, of course.)
If the output shows a numeric and/or alphanumeric string, your account is one of the 6.5M that have been compromised. You should go change your LinkedIn password immediately.
If there is no output, your account is not part of the hacked accounts. You may consider changing your password anyway.
(Came across a funny tweet by Hunter Walk: “Password leaks must be the new growth hacker strategy to juice 7-day-actives” Heh.)
Update: I really don’t recommend this normally, as telling people to type their passwords into a third-party website is a bad habit to develop, but if you’re a Windows user and want a simple solution, you can go to leakedin.org to see if your password was compromised. The people who made leakedin.org seem trustworthy and it’s a simple way for Windows users.