LeakedIn checks for compromised LinkedIn passwords

Bangalore: It was a bad day for LinkedIn, as the largest online community for professionals confirmed a security breach on Wednesday. The confirmation came after a Russian hacker posted around 6.5 million passwords through his social account. It created havoc in the minds of LinkedIn's account holders, since the network holds the personal and professional information of professionals and high-level executives.

Now Chris Shiflett, a New York based web developer, and his colleagues have come to the rescue. They have developed an application, LeakedIn, that checks whether a password appears in the released post. LeakedIn follows a process similar to LinkedIn's own: it converts the user's clear-text password into a SHA-1 hash, then checks whether that hash matches one in the posted list. The site doesn't transmit the password, because the conversion is done within the browser itself.

Shiflett wrote in his blog that "I discovered that my password was not only one of the 6.5 million that had been leaked, it was also among those that had been cracked. I was a victim." Password cracking tools like "John the Ripper" and "oclHashcat" are available to hackers on the net and can breach passwords within seconds. Another method is the brute force attack, where the hacker repeatedly tries different combinations of characters. The basic point is that shorter passwords take less time, while longer passwords can take hours.

According to Robert Graham, CEO of the security consultancy Errata Security, a five letter password yields up to 10 billion combinations and hackers can crack it within 5 seconds; similarly, a 7 letter password takes around 13 hours to crack, while an 8 character password requires up to 57 days. "In other words, if your password was seven letters, the hacker has already cracked it, but if it's nine letters, it's too difficult to crack with brute force," Graham said.

But the tricky part is that LinkedIn usually asks for a person's email id to confirm login, and so we don't know whether the hackers have also got hold of those details. If so, this is going to be more severe than a simple security breach, and it will take more than security fixes for LinkedIn to restore the trust of its users.