...unsalted.
If only LinkedIn had access to a list of contact information for people who have a basic fucking understanding of computer security and are looking for work.
EDIT TO ADD: There's more at
Hacker News.
0. This is a file of SHA1 hashes of short strings (i.e. passwords).
1. There are 3,521,180 hashes that begin with 00000. I believe that these represent hashes that the hackers have already broken and they have marked them with 00000 to indicate that fact.
Evidence for this is that the SHA1 hash of 'password' does not appear in the list, but the same hash with the first five characters set to 0 is.
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 is not present
000001e4c9b93f3f0682250b6cf8331b7ee68fd8 is present
Replies contain a link to
the complete dump (116MB RAR), as well as scripts in multiple languages to parse the file looking for a given password's hash.
While you may want to look to see if your password's in there just for immediate peace of mind, you should still probably change it anyway. To something you don't use somewhere else. I mean, that's what you should be doing anyway, but ESPECIALLY with a site that's already proven it's run by fucking incompetents.