The LinkedIn password leak debacle yesterday made LinkedIn members question the site’s security measures as well as their own password security measures. LinkedIn responded to the issue within hours, disabling the leaked passwords and sending emails explaining the situation to those members affected by the ordeal.
Though the situation is resolved for the moment, many are still curious as to whether their password was among the over 6.4 million passwords that were leaked to a hash cracking website this week. Though any members affected should have already received an email from LinkedIn, those who want to be extra-sure can check out a site called LeakedIn. The site hashes your password using the same method that the leaked hash used, and then searches for it in the leaked hash dump.
LeakedIn was created by web designer Chris Shflett and some colleagues, partly to give LinkedIn users some peace of mind, and partly to further chastise LinkedIn for the leak. Sheflett introduced the site in a post on his blog:
The app hashes your password using JavaScript, so your password never leaves your computer. You can verify this by viewing source, but if you prefer, you can also just provide your hash. We’ll let you know if your password is one of the 6.5 million that were leaked as well as if it has already been cracked.
Keep in mind that there is no way to know whether the leaked hash was the full range of passwords that were (presumably) stolen from LinkedIn. The safest bet for every LinkedIn member at this point is to change their password, and the password for every service they were using that same password for.