- In the first iteration, 558 of the 554,404 passwords found (0.1%) are related to the ‘Linkedin’ string
- In the second iteration, 3,248 out of 22,688 (14%) are related to the ‘Linkedin’ string
- Third iteration: 1,733 out of 3,682 (47%)
- Fourth iteration: 539 out of 917 (59%)
- Fifth iteration: 217 out of 330 (66%)
- Sixth iteration: 119 out of 152 (78%)
- Seventh iteration: 40 out of 51 (78%)
- And so on through the tenth iteration.
- pwdlink from pwlink with the rule "insert d in 3rd position"
- pwd4link from pwdlink with the rule "insert 4 in 4th position"
- pwd4linked from pwd4link with the rule "append ed"
- pw4linked from pwd4linked with the rule "remove 3rd char"
- pw4linkedin from pw4linked with the rule "append in"
- mpw4linkedin from pw4linkedin with the rule "prepend m"
- mw4linkedin from mpw4linkedin with the rule "remove second character"
- smw4linkedin from mw4linkedin with the rule "prepend s"
- sw4linkedin from smw4linkedin with the rule "remove second character"
- lsw4linkedin from sw4linkedin with the rule "prepend l".
It is highly recommended to use a strong random password generator that is known to be actually random. It is funny to note that a very old version of a command-line tool called "mkpasswd" produced passwords based on a bad random salt and generated only 32768 different passwords. This was reported and fixed 10 years ago, but I was still able to recover 140 passwords in the leaked file that had been generated by this vulnerable version of mkpasswd.
Evidence indicates that the hacker who made this leak public was most likely trying to get cracked passwords from an online community, a kind of crowdsourced cracking. Since he probably possesses the list of logins as well, you might want to change your passwords on other accounts if you think he can access them with the information he has. Note that if you have unique passwords created with simple rules, you might want to change them as well. For example, if your password for LinkedIn is MyPW4Linkedin, a malicious cracker might guess that MyPW4Facebook might be your Facebook password. It is also recommended to change your password if your username can be guessed from it, because every password cracker on the planet is currently playing with this password file.
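The reuse pattern described above can be checked against your own passwords. The following is an added example, not code from the original article: it flags passwords that contain a fragment of the site name (the sense in which the cracked passwords are "related to the 'Linkedin' string") and groups passwords that follow one template across sites. The substitution table, the four-letter minimum, the function names and the sample vault are assumptions made for this illustration.

```python
import re

# Substitutions undone before matching; an assumed, non-exhaustive table.
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lowercase, undo common character substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def site_fragment(password, site, min_len=4):
    """Return the longest prefix of the site name (>= min_len letters)
    found in the normalized password, or None."""
    pw, name = normalize(password), normalize(site)
    for end in range(len(name), min_len - 1, -1):
        if name[:end] in pw:
            return name[:end]
    return None

def template(password, site):
    """Replace a literal, case-insensitive site name with a placeholder."""
    return re.sub(re.escape(site), "{site}", password, flags=re.IGNORECASE)

def audit(vault):
    """vault: {site: password}. Returns (site-derived entries, shared templates)."""
    derived = {s: f for s, p in vault.items() if (f := site_fragment(p, s))}
    groups = {}
    for site, pw in vault.items():
        t = template(pw, site)
        if "{site}" in t:
            groups.setdefault(t, []).append(site)
    shared = {t: sorted(s) for t, s in groups.items() if len(s) > 1}
    return derived, shared

# Constructed sample vault; the first two passwords are the ones in the text.
SAMPLE = {
    "Linkedin": "MyPW4Linkedin",
    "Facebook": "MyPW4Facebook",
    "Forum": "f0rum2012",       # constructed: site name hidden by a substitution
    "Mail": "vT9#qLr2xWm8",     # constructed: random-looking, not site-derived
}

if __name__ == "__main__":
    derived, shared = audit(SAMPLE)
    print("site-derived:", derived)
    print("shared templates:", shared)
```

Any entry reported under a shared template should be treated as exposed once one password in that group has leaked.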