The fuck is wrong with the public LinkedIn data? Some emails I looked up on HIBP show up there but not in the publicly shared files that have been around since forever. The line count isn't the same as Troy's either, but he counts those using a regex for emails so who knows.
I'm just wondering if there are different versions of the data... weird. Would love to know more of the history behind it from people with more knowledge :)

I delete all file right now, it is .exe format. Cannot read any row.

(October 27, 2022, 05:11 PM)konecman Wrote: I delete all file right now, it is .exe format. Cannot read any row.

Great, I was looking to get some OGs to reply and explain everything, instead I'm the one who gets the retard that got infected.

@Yosef No derailing threads with pointless stuff. You've been warned. Keep it on topic.

(October 28, 2022, 10:40 AM)pompompurin Wrote: @Yosef No derailing threads with pointless stuff. You've been warned. Keep it on topic.

Do you know anything about the topic?

(October 28, 2022, 10:41 AM)thekilob Wrote:

(October 28, 2022, 10:40 AM)pompompurin Wrote: @Yosef No derailing threads with pointless stuff. You've been warned. Keep it on topic.

Do you know anything about the topic?

iirc there are multiple versions but I don't know much beyond that

Is troys count larger or smaller then the currently released files ?

(October 28, 2022, 10:53 AM)pompompurin Wrote:

(October 28, 2022, 10:41 AM)thekilob Wrote:

(October 28, 2022, 10:40 AM)pompompurin Wrote: @Yosef No derailing threads with pointless stuff. You've been warned. Keep it on topic.

Do you know anything about the topic?

iirc there are multiple versions but I don't know much beyond that

Is troys count larger or smaller then the currently released files ?

I don't remember the line count thing, I have no idea, but it doesn't really matter since Troy doesn't do a line count, he does a count for an email regex match.

As far as I can recall, LinkedIn was originally leaked with half the hashes truncated or replaced with a bunch of zeroes, the breach only resurfaced with the correct hashes in 2016. Maybe that has something to do with the record count and someone instead uploaded a partial copy of the truncated one? Don't know anything further and could be completely wrong. But I remember there being threads on the Hashcat forum about it, its mode number was -m190.

(October 29, 2022, 12:26 AM)God Wrote: As far as I can recall, LinkedIn was originally leaked with half the hashes truncated or replaced with a bunch of zeroes, the breach only resurfaced with the correct hashes in 2016. Maybe that has something to do with the record count and someone instead uploaded a partial copy of the truncated one? Don't know anything further and could be completely wrong. But I remember there being threads on the Hashcat forum about it, its mode number was -m190.

So you're aware of at least two separate versions, correct? And the most accurate one seems to be the one everyone has? Why does it seem to be different from the data Troy has? Wondering if someone like you has a version that's better than the one on the forum, maybe a format that's not fucked up.

(October 29, 2022, 12:29 AM)thekilob Wrote:

(October 29, 2022, 12:26 AM)God Wrote: As far as I can recall, LinkedIn was originally leaked with half the hashes truncated or replaced with a bunch of zeroes, the breach only resurfaced with the correct hashes in 2016. Maybe that has something to do with the record count and someone instead uploaded a partial copy of the truncated one? Don't know anything further and could be completely wrong. But I remember there being threads on the Hashcat forum about it, its mode number was -m190.

So you're aware of at least two separate versions, correct? And the most accurate one seems to be the one everyone has? Why does it seem to be different from the data Troy has? Wondering if someone like you has a version that's better than the one on the forum, maybe a format that's not fucked up.

Unfortunately no I don't have an unfucked version, wish I did - I've only ever seen the email:hash one that's floating around. The release date gives me a feeling it came from the wave of huge leaks during 2016 (iMesh, LastFM, Tumblr), they were all email:hash:whatever format. Good luck finding info on this, because the search results are plagued with news reports on LinkedIn "breaches" that are just plain old API scrapes. Let me know if you find anything interesting, though.

And yes, there are two versions floating around. I've never compared them side-by-side and the earlier one seems to have gone extinct in favor of the one with correct hashes.