So I tweeted some re-uploaded db links before the one mentioned on that site went down. After looking to see where it spread I found yet another site called Leakedin which automatically parses pastes for potential leaks, it recorded and it made a post here: www.leakedin.com/2012/06/06/potential-leak-of-data-urls-list-315/
When reading the title of this HN post I thought someone spotted the Linkedin leak linked on Leakedin, but nope. :(
A couple points here. You can enter the sha1 hash of your password or your password in plaintext. In the latter case the sha1 is calculated on the client (using JS) before being sent to the server.
Now that we got that out of the way the more interesting pattern here is how easily people will put the plaintext password for a specific site into a webpage that sprung up overnight.
* I know Chris Shiflett is at least trusted in the tech community (has written books and talks at conferences, etc) so it's not about trusting the site but the larger social implications of user behavior.
9 comments
[ 5.5 ms ] story [ 37.3 ms ] threadWhen reading the title of this HN post I thought someone spotted the Linkedin leak linked on Leakedin, but nope. :(
Oh well here is some mirrors of mirrors: http://pastie.org/4038632 http://pastebin.com/Phi70Bsj http://safebin.net/7182 http://tinypaste.com/f7db25b2
Now that we got that out of the way the more interesting pattern here is how easily people will put the plaintext password for a specific site into a webpage that sprung up overnight.
* I know Chris Shiflett is at least trusted in the tech community (has written books and talks at conferences, etc) so it's not about trusting the site but the larger social implications of user behavior.