LinkedIn Passwords "Leaked"

According to the Beeb:

LinkedIn passwords 'leaked by hackers'
Social networking website LinkedIn is investigating claims that over six million of its users' passwords have been leaked onto the internet.
Hackers posted a file containing encrypted passwords onto a Russian web forum.

They have invited the hacking community to help with decryption.

LinkedIn, which has over 150 million users, has not released a formal statement, but tweeted: "Our team is currently looking into reports."

Security researcher Graham Cluley told the BBC he believed the breach was genuine.
"We've confirmed there are LinkedIn passwords in the data.
"We did this by searching through the data for (hashed) passwords that we at Sophos use only on LinkedIn. We found those passwords in the data. We also saw that hundreds of the passwords contain the word 'Linkedin'.

"Our advice is to change your LinkedIn password. And if you use the same password on other accounts, change it there too."
Privacy concern

The news comes as LinkedIn was forced to update its mobile app after a privacy flaw was uncovered by security researchers.
Skycure Security said the the mobile app was sending unencrypted calendar entries to LinkedIn servers without users' knowledge.
The information included meeting notes, which often contain information such as dialling numbers and passcodes for conference calls.
In response LinkedIn said it would "no longer send data from the meeting notes section of your calendar".
The company stressed that the calendar function was an opt-in feature.

However, the researchers who uncovered the flaw said the transmission of the data to LinkedIn's servers was done without a "clear indication from the app to the user".
In a statement posted on the company's blog, LinkedIn's mobile product head Joff Redfern said a new "learn more" link would be added to the app so users have a clearer picture about how their information is being used and transmitted.

BBC News - LinkedIn passwords 'leaked by hackers'
I've changed mine just to be safe.
The not-really-a-problem with the LinkedIn iPhone and iPad apps - if you tell it to sync your calendar, it copies your calendar across to your LinkedIn account. Well, duh? What does "sync" mean. Of course, if some HR twit had included a lot of sensitive documents in a meeting request, these are now on a server in Mount Vernon, New York.

Anyway - I changed my password and then went to make sure I hadn't had a brain-fart or they hadn't****ed with my settings and enabled the calendar thing. Err, straight in on the iPhone without entering the new password - not happy.

Mind you, I only really use it for checking where ex-colleagues are now earning their crusts.
Thread starter Similar threads Forum Replies Date
peem The Intelligence Cell 9
meridian Jobs (Discussion) 5
Victorian_Major ARRSE Social, Events & Networking 56

Similar threads

New Posts

Latest Threads