I found this analysis from a fellow network security geek in the UK to be quite interesting:
…which lends a little weight to the theory that the file primarily contains hashes which some script kiddie could not crack with basic tools, and hence makes us wonder what he’s done with all the ones which he did crack – and how much of the LinkedIn corpus that would represent?
He’s got a point. So many tools exist to easily crack these password hashes. I just tried hashcat on them using the standard Ubuntu dictionary file and cracked 20,000 of them in seconds using just my lowly laptop. So why would the hacker pretend to need help cracking them? Why post to a hacker forum where one is certain to face ridicule?
This leads me to speculate that the hacker is either enormously clueless or (perhaps more likely) aiming to embarrass and/or blackmail LinkedIn. Was this a staged demonstration of a hacker group’s power to disrupt a high-profile site? A warning to others, like Facebook and Google?
Another amusing aside is that just yesterday I used LinkedIn to send a message to a stranger who might know an old friend of mine. I tried several times to leave my email address in LinkedIn’s contact message but finally gave up: LinkedIn’s anti-spam measures are quite clever and blocked every iterations of email address obfuscation that I tried.
It’s amusing that LinkedIn can be so good at blocking spam to its users while being so bad on keeping their accounts secure!